Compare commits
91 commits
beefcake-r
...
main
Author | SHA1 | Date | |
---|---|---|---|
Daniel Flanagan | 8278796bb1 | ||
Daniel Flanagan | ffdbc3891d | ||
Daniel Flanagan | 5ad3a220a7 | ||
Daniel Flanagan | 06427b694c | ||
Daniel Flanagan | 66c0f17e46 | ||
Daniel Flanagan | c8bf3ae618 | ||
Daniel Flanagan | 8afad6f40c | ||
Daniel Flanagan | 0cfb985723 | ||
Daniel Flanagan | 303ca8c871 | ||
Daniel Flanagan | e8dd91e345 | ||
Daniel Flanagan | 2b4b1c5850 | ||
Daniel Flanagan | a1acf60896 | ||
Daniel Flanagan | 2c541801e6 | ||
Daniel Flanagan | 352d4412f2 | ||
Daniel Flanagan | a3997d519a | ||
Daniel Flanagan | 64e4c9c1b2 | ||
Daniel Flanagan | 337e587f92 | ||
Daniel Flanagan | 1bb83efeef | ||
Daniel Flanagan | a7b81162d5 | ||
Daniel Flanagan | 1bec150b17 | ||
Daniel Flanagan | bec787e6ff | ||
Daniel Flanagan | 3eba3a553d | ||
Daniel Flanagan | 9630de5237 | ||
Daniel Flanagan | a3fa043cb9 | ||
Daniel Flanagan | 6624b11014 | ||
Daniel Flanagan | 226c7993b1 | ||
Daniel Flanagan | ce00bd6fed | ||
Daniel Flanagan | 556c58f0fb | ||
Daniel Flanagan | c007790ecf | ||
Daniel Flanagan | 095bfdddfc | ||
Daniel Flanagan | e8564cbae0 | ||
Daniel Flanagan | 9cc15d53fa | ||
Daniel Flanagan | a33de2c711 | ||
Daniel Flanagan | 9e8ce71b65 | ||
Daniel Flanagan | 1469810d2b | ||
Daniel Flanagan | b8ac83f1a1 | ||
Daniel Flanagan | f676b4d7a5 | ||
Daniel Flanagan | a733249377 | ||
Daniel Flanagan | 494a9727c7 | ||
Daniel Flanagan | 8aab4b1056 | ||
Daniel Flanagan | 035fdc710b | ||
Daniel Flanagan | 09b4567c92 | ||
Daniel Flanagan | c2e03c50ae | ||
Daniel Flanagan | 379c26527a | ||
Daniel Flanagan | 3b7aefac96 | ||
Daniel Flanagan | 3df1eeecca | ||
Daniel Flanagan | 529dcce37a | ||
Daniel Flanagan | fbdac308ec | ||
Daniel Flanagan | c92314e731 | ||
Daniel Flanagan | c2095697ef | ||
Daniel Flanagan | f247344b05 | ||
Daniel Flanagan | 637c4e4273 | ||
Daniel Flanagan | c20b5d540f | ||
Daniel Flanagan | 20eaf3acbd | ||
Daniel Flanagan | 0ee453de49 | ||
Daniel Flanagan | 5b80da7323 | ||
Daniel Flanagan | 8c77376e36 | ||
Daniel Flanagan | 8d0e080906 | ||
Daniel Flanagan | b72c71a272 | ||
Daniel Flanagan | 8bb7b4cac2 | ||
Daniel Flanagan | 262ef3bb45 | ||
Daniel Flanagan | 2fc5333362 | ||
Daniel Flanagan | b7925c965e | ||
Daniel Flanagan | 727a70d843 | ||
Daniel Flanagan | a7ec834c6a | ||
Daniel Flanagan | a633ccc36f | ||
Daniel Flanagan | e7ecd05161 | ||
Daniel Flanagan | c520512399 | ||
Daniel Flanagan | 4c07dcacc1 | ||
Daniel Flanagan | 9616fb1df0 | ||
Daniel Flanagan | 3d9a29b857 | ||
Daniel Flanagan | 11e159c7c9 | ||
Daniel Flanagan | 003b5516fe | ||
Daniel Flanagan | f6eb6a72ad | ||
Daniel Flanagan | cf2f2ecf0a | ||
Daniel Flanagan | 524a34d819 | ||
Daniel Flanagan | 352e3d72a2 | ||
Daniel Flanagan | 26f2784f0f | ||
Daniel Flanagan | 25abed953f | ||
Daniel Flanagan | f8b68daf1e | ||
Daniel Flanagan | 6ddc70bcaa | ||
Daniel Flanagan | 67fe4216f2 | ||
Daniel Flanagan | 0ff4336088 | ||
Daniel Flanagan | 66e96e2960 | ||
Daniel Flanagan | 0984c7aef0 | ||
Daniel Flanagan | efe20354ea | ||
Daniel Flanagan | bbd09488ff | ||
Daniel Flanagan | 379adc7ec6 | ||
Daniel Flanagan | 639aad8c8a | ||
Daniel Flanagan | da602beac6 | ||
Daniel Flanagan | de02a81c92 |
33
.sops.yaml
33
.sops.yaml
|
@ -1,7 +1,19 @@
|
|||
keys:
|
||||
# after updating this, you will need to `sops updatekeys secrets.file` for any files that need the new key(s)
|
||||
- &daniel age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45 # pass age-key | rg '# pub'
|
||||
- &sshd-at-beefcake age1etv56f7kf78a55lxqtydrdd32dpmsjnxndf4u28qezxn6p7xt9esqvqdq7 # ssh beefcake "nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'"
|
||||
# list any public keys here
|
||||
|
||||
# pass age-key | rg '# pub'
|
||||
- &daniel age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45
|
||||
|
||||
# per-host keys can be derived from a target host's ssh keys like so:
|
||||
# ssh host "nix shell nixpkgs#ssh-to-age -c $SHELL -c 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'"
|
||||
- &sshd-at-beefcake age1etv56f7kf78a55lxqtydrdd32dpmsjnxndf4u28qezxn6p7xt9esqvqdq7
|
||||
- &sshd-at-router age1zd7c3g5d20shdftq8ghqm0r92488dg4pdp4gulur7ex3zx2yq35ssxawpn
|
||||
- &sshd-at-dragon age1ez4why08hdx0qf940cjzs6ep4q5rk2gqq7lp99pe58fktpwv65esx4xrht
|
||||
- &ssh-foxtrot age1njnet9ltjuxasqv3ckn67r5natke6xgd8wlx8psf64pyc4duvurqhedw80
|
||||
|
||||
# after updating this file, you may need to update the keys for any associated files like so:
|
||||
# sops updatekeys secrets.file
|
||||
|
||||
creation_rules:
|
||||
- path_regex: secrets/[^/]+\.(ya?ml|json|env|ini)$
|
||||
key_groups:
|
||||
|
@ -12,3 +24,18 @@ creation_rules:
|
|||
- age:
|
||||
- *daniel
|
||||
- *sshd-at-beefcake
|
||||
- path_regex: secrets/router/[^/]+\.(ya?ml|json|env|ini)$
|
||||
key_groups:
|
||||
- age:
|
||||
- *daniel
|
||||
- *sshd-at-router
|
||||
- path_regex: secrets/dragon/[^/]+\.(ya?ml|json|env|ini)$
|
||||
key_groups:
|
||||
- age:
|
||||
- *daniel
|
||||
- *sshd-at-dragon
|
||||
- path_regex: secrets/foxtrot/[^/]+\.(ya?ml|json|env|ini)$
|
||||
key_groups:
|
||||
- age:
|
||||
- *daniel
|
||||
- *ssh-foxtrot
|
||||
|
|
|
@ -6,10 +6,12 @@ in {
|
|||
swapSize,
|
||||
...
|
||||
}: {
|
||||
# this is my standard partitioning scheme for my machines which probably want hibernation capabilities
|
||||
# a UEFI-compatible boot partition
|
||||
# it includes an LUKS-encrypted btrfs volume
|
||||
# a swap partition big enough to dump all the machine's RAM into
|
||||
/*
|
||||
this is my standard partitioning scheme for my machines which probably want hibernation capabilities
|
||||
a UEFI-compatible boot partition
|
||||
it includes an LUKS-encrypted btrfs volume
|
||||
a swap partition big enough to dump all the machine's RAM into
|
||||
*/
|
||||
|
||||
disko.devices = {
|
||||
disk = {
|
||||
|
@ -195,9 +197,11 @@ in {
|
|||
beefcake = let
|
||||
zpools = {
|
||||
zroot = {
|
||||
# TODO: at the time of writing, disko does not support draid6
|
||||
# so I'm building/managing the array manually for the time being
|
||||
# the root pool is just a single disk right now
|
||||
/*
|
||||
TODO: at the time of writing, disko does not support draid6
|
||||
so I'm building/managing the array manually for the time being
|
||||
the root pool is just a single disk right now
|
||||
*/
|
||||
name = "zroot";
|
||||
config = {
|
||||
type = "zpool";
|
||||
|
@ -242,9 +246,11 @@ in {
|
|||
keylocation = "file:///tmp/secret.key";
|
||||
};
|
||||
# use this to read the key during boot
|
||||
# postCreateHook = ''
|
||||
# zfs set keylocation="prompt" "zroot/$name";
|
||||
# '';
|
||||
/*
|
||||
postCreateHook = ''
|
||||
zfs set keylocation="prompt" "zroot/$name";
|
||||
'';
|
||||
*/
|
||||
};
|
||||
"encrypted/test" = {
|
||||
type = "zfs_fs";
|
||||
|
@ -254,9 +260,11 @@ in {
|
|||
};
|
||||
};
|
||||
zstorage = {
|
||||
# PARITY_COUNT=3 NUM_DRIVES=8 HOT_SPARES=2 sudo -E zpool create -f -O mountpoint=none -O compression=on -O xattr=sa -O acltype=posixacl -o ashift=12 -O atime=off -O recordsize=64K zstorage draid{$PARITY_COUNT}:{$NUM_DRIVES}c:{$HOT_SPARES}s /dev/disk/by-id/scsi-35000039548cb637c /dev/disk/by-id/scsi-35000039548cb7c8c /dev/disk/by-id/scsi-35000039548cb85c8 /dev/disk/by-id/scsi-35000039548d9b504 /dev/disk/by-id/scsi-35000039548da2b08 /dev/disk/by-id/scsi-35000039548dad2fc /dev/disk/by-id/scsi-350000399384be921 /dev/disk/by-id/scsi-35000039548db096c
|
||||
# sudo zfs create -o mountpoint=legacy zstorage/nix
|
||||
# sudo zfs create -o canmount=on -o mountpoint=/storage zstorage/storage
|
||||
/*
|
||||
PARITY_COUNT=3 NUM_DRIVES=8 HOT_SPARES=2 sudo -E zpool create -f -O mountpoint=none -O compression=on -O xattr=sa -O acltype=posixacl -o ashift=12 -O atime=off -O recordsize=64K zstorage draid{$PARITY_COUNT}:{$NUM_DRIVES}c:{$HOT_SPARES}s /dev/disk/by-id/scsi-35000039548cb637c /dev/disk/by-id/scsi-35000039548cb7c8c /dev/disk/by-id/scsi-35000039548cb85c8 /dev/disk/by-id/scsi-35000039548d9b504 /dev/disk/by-id/scsi-35000039548da2b08 /dev/disk/by-id/scsi-35000039548dad2fc /dev/disk/by-id/scsi-350000399384be921 /dev/disk/by-id/scsi-35000039548db096c
|
||||
sudo zfs create -o mountpoint=legacy zstorage/nix
|
||||
sudo zfs create -o canmount=on -o mountpoint=/storage zstorage/storage
|
||||
*/
|
||||
name = "zstorage";
|
||||
config = {};
|
||||
};
|
||||
|
|
170
flake.lock
170
flake.lock
|
@ -20,11 +20,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1724850097,
|
||||
"narHash": "sha256-3BHxvFb3NJzch1X8puRMkVZujOoarQ1llu3ZcwuvsKU=",
|
||||
"lastModified": 1725199881,
|
||||
"narHash": "sha256-jsmipf/u1GFZE5tBUkr56CHMN6VpUWCAjfLIhvQijU0=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "aquamarine",
|
||||
"rev": "23c7925dd31e79e8c06086ace3edb129a070ac01",
|
||||
"rev": "f8a687dd29ff019657498f1bd14da2fbbf0e604b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -61,11 +61,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1724895876,
|
||||
"narHash": "sha256-GSqAwa00+vRuHbq9O/yRv7Ov7W/pcMLis3HmeHv8a+Q=",
|
||||
"lastModified": 1725377834,
|
||||
"narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "511388d837178979de66d14ca4a2ebd5f7991cd3",
|
||||
"rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -170,11 +170,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1724857454,
|
||||
"narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=",
|
||||
"lastModified": 1725513492,
|
||||
"narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=",
|
||||
"owner": "cachix",
|
||||
"repo": "git-hooks.nix",
|
||||
"rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6",
|
||||
"rev": "7570de7b9b504cfe92025dd1be797bf546f66528",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -252,11 +252,11 @@
|
|||
},
|
||||
"hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1724878143,
|
||||
"narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=",
|
||||
"lastModified": 1725885300,
|
||||
"narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef",
|
||||
"rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -290,11 +290,11 @@
|
|||
"rust-overlay": "rust-overlay"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1724856988,
|
||||
"narHash": "sha256-JBLe2CxAhG+J8+x8qmbzkGHNYmGcSiuY2QO4Zhb72lI=",
|
||||
"lastModified": 1725976743,
|
||||
"narHash": "sha256-pLQQbiC9uO4lF58fAnlcDxlbsBB1XFWswsU1oZOIVqU=",
|
||||
"owner": "helix-editor",
|
||||
"repo": "helix",
|
||||
"rev": "1b5295a3f3d7cccd96eed5bfd394807a4dae87fc",
|
||||
"rev": "237cbe4bca46eed52efed39ed75eb44aaccbdde3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -311,11 +311,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1720042825,
|
||||
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
|
||||
"lastModified": 1725703823,
|
||||
"narHash": "sha256-tDgM4d8mLK0Hd6YMB2w1BqMto1XBXADOzPEaLl10VI4=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
|
||||
"rev": "208df2e558b73b6a1f0faec98493cb59a25f62ba",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -332,11 +332,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1724435763,
|
||||
"narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=",
|
||||
"lastModified": 1725948275,
|
||||
"narHash": "sha256-4QOPemDQ9VRLQaAdWuvdDBhh+lEUOAnSMHhdr4nS1mk=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be",
|
||||
"rev": "e5fa72bad0c6f533e8d558182529ee2acc9454fe",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -386,11 +386,11 @@
|
|||
"xdph": "xdph"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1724938863,
|
||||
"narHash": "sha256-CxVxeKpXWm5Jl5wkJFwDnmU/EhJ95/NPiTGKdjrpaLM=",
|
||||
"lastModified": 1726132501,
|
||||
"narHash": "sha256-mFSCZCvUZJX51V7F2NA3uAj5iaCzsDWhBXMNDz0PhH0=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "Hyprland",
|
||||
"rev": "92a0dd164e9cc74060b63abae67b0204b6b6074c",
|
||||
"rev": "73b9756b8d7ee06fc1c9f072f2a41f2dd1aeb2c9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -442,11 +442,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1724174162,
|
||||
"narHash": "sha256-fOOBLwil6M9QWMCiSULwjMQzrXhHXUnEqmjHX5ZHeVI=",
|
||||
"lastModified": 1725188252,
|
||||
"narHash": "sha256-yBH8c4GDaEAtBrh+BqIlrx5vp6gG/Gu8fQQK63KAQgs=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "hyprlang",
|
||||
"rev": "16e5c9465f04477d8a3dd48a0a26bf437986336c",
|
||||
"rev": "c12ab785ce1982f82594aff03b3104c598186ddd",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -467,11 +467,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1724863980,
|
||||
"narHash": "sha256-7Ke9wFRYPUIXwm5ZndGHkWBKj6BsFTkSEXUNXQRHE54=",
|
||||
"lastModified": 1724966483,
|
||||
"narHash": "sha256-WXDgKIbzjYKczxSZOsJplCS1i1yrTUpsDPuJV/xpYLo=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "hyprutils",
|
||||
"rev": "aadf9a27dddd2272ca354ba5a22a0c2d1f919039",
|
||||
"rev": "8976e3f6a5357da953a09511d0c7f6a890fb6ec2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -505,6 +505,28 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"jovian": {
|
||||
"inputs": {
|
||||
"nix-github-actions": "nix-github-actions",
|
||||
"nixpkgs": [
|
||||
"nixpkgs-unstable"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1728974938,
|
||||
"narHash": "sha256-pTPEx6WlM+nJVGrRUGx7Di4ljZMwE9HfvlZ6f3NzNfo=",
|
||||
"owner": "Jovian-Experiments",
|
||||
"repo": "Jovian-NixOS",
|
||||
"rev": "23170582b0658e6afd913149a58863af3a57b376",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "Jovian-Experiments",
|
||||
"ref": "development",
|
||||
"repo": "Jovian-NixOS",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"libpng": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
|
@ -522,6 +544,44 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"mobile-nixos": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1728423157,
|
||||
"narHash": "sha256-pJaC+Aef6oixhV6HdWPS2Pq/TgHxEN+MPLYUjighWYI=",
|
||||
"owner": "lytedev",
|
||||
"repo": "mobile-nixos",
|
||||
"rev": "b2c496bbcebc85a28d1d939b56bd331536bd1ac4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "lytedev",
|
||||
"repo": "mobile-nixos",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-github-actions": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"jovian",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1690328911,
|
||||
"narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=",
|
||||
"owner": "zhaofengli",
|
||||
"repo": "nix-github-actions",
|
||||
"rev": "96df4a39c52f53cb7098b923224d8ce941b64747",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "zhaofengli",
|
||||
"ref": "matrix-name",
|
||||
"repo": "nix-github-actions",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1709479366,
|
||||
|
@ -572,11 +632,11 @@
|
|||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1724999960,
|
||||
"narHash": "sha256-LB3jqSGW5u1ZcUcX6vO/qBOq5oXHlmOCxsTXGMEitp4=",
|
||||
"lastModified": 1725910328,
|
||||
"narHash": "sha256-n9pCtzGZ0httmTwMuEbi5E78UQ4ZbQMr1pzi5N0LAG8=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "b96f849e725333eb2b1c7f1cb84ff102062468ba",
|
||||
"rev": "5775c2583f1801df7b790bf7f7d710a19bac66f4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -588,11 +648,11 @@
|
|||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1724819573,
|
||||
"narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=",
|
||||
"lastModified": 1725103162,
|
||||
"narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "71e91c409d1e654808b2621f28a327acfdad8dc2",
|
||||
"rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -604,11 +664,11 @@
|
|||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1724727824,
|
||||
"narHash": "sha256-0XH9MJk54imJm+RHOLTUJ7e+ponLW00tw5ke4MTVa1Y=",
|
||||
"lastModified": 1725826545,
|
||||
"narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "36bae45077667aff5720e5b3f1a5458f51cf0776",
|
||||
"rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -627,6 +687,8 @@
|
|||
"home-manager": "home-manager",
|
||||
"home-manager-unstable": "home-manager-unstable",
|
||||
"hyprland": "hyprland",
|
||||
"jovian": "jovian",
|
||||
"mobile-nixos": "mobile-nixos",
|
||||
"nixpkgs": "nixpkgs_3",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"slippi": "slippi",
|
||||
|
@ -667,11 +729,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1721441897,
|
||||
"narHash": "sha256-gYGX9/22tPNeF7dR6bWN5rsrpU4d06GnQNNgZ6ZiXz0=",
|
||||
"lastModified": 1726280639,
|
||||
"narHash": "sha256-YfLRPlFZWrT2oRLNAoqf7G3+NnUTDdlIJk6tmBU7kXM=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "b7996075da11a2d441cfbf4e77c2939ce51506fd",
|
||||
"rev": "e9f8641c92f26fd1e076e705edb12147c384171d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -691,11 +753,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1722375582,
|
||||
"narHash": "sha256-NKUQoYIr+982vUXwlDGbBFY4259CX/mngVHYH4sjL8Y=",
|
||||
"lastModified": 1725647475,
|
||||
"narHash": "sha256-1PaNuhxB+rhAcpBMwDZCUJpI7Lw0AJfzYot/S18hrXo=",
|
||||
"owner": "lytedev",
|
||||
"repo": "slippi-nix",
|
||||
"rev": "ec418c0b7ed1191e227b2d821c02ee5b5fbe68f1",
|
||||
"rev": "10eb5d58b9d9c0da276d48d1c12898ea53c89d2a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -714,11 +776,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1723501126,
|
||||
"narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=",
|
||||
"lastModified": 1725922448,
|
||||
"narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "be0eec2d27563590194a9206f551a6f73d52fa34",
|
||||
"rev": "cede1a08039178ac12957733e97ab1006c6b6892",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -786,11 +848,11 @@
|
|||
},
|
||||
"locked": {
|
||||
"dir": "nix",
|
||||
"lastModified": 1723525023,
|
||||
"narHash": "sha256-ZsDJQSUokodwFMP4FIZm2dYojf5iC4F/EeKC5VuQlqY=",
|
||||
"lastModified": 1727585736,
|
||||
"narHash": "sha256-vEkcyKdFpfWbrtZlB5DCjNCmI2GudIJuHstWo3F9gL8=",
|
||||
"owner": "wez",
|
||||
"repo": "wezterm",
|
||||
"rev": "30345b36d8a00fed347e4df5dadd83915a7693fb",
|
||||
"rev": "a2f2c07a29f5c98f6736cde0c86b24887f9fd48a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -817,11 +879,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1724073926,
|
||||
"narHash": "sha256-nWlUL43jOFHf+KW6Hqrx+W/r1XdXuDyb0wC/SrHsOu4=",
|
||||
"lastModified": 1725203932,
|
||||
"narHash": "sha256-VLULC/OnI+6R9KEP2OIGk+uLJJsfRlaLouZ5gyFd2+Y=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "xdg-desktop-portal-hyprland",
|
||||
"rev": "a08ecbbf33598924e93542f737fc6169a26b481e",
|
||||
"rev": "2425e8f541525fa7409d9f26a8ffaf92a3767251",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
293
flake.nix
293
flake.nix
|
@ -31,7 +31,15 @@
|
|||
slippi.inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||
slippi.inputs.home-manager.follows = "home-manager-unstable";
|
||||
|
||||
jovian.url = "github:Jovian-Experiments/Jovian-NixOS/development";
|
||||
jovian.inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||
|
||||
# nnf.url = "github:thelegy/nixos-nftables-firewall?rev=71fc2b79358d0dbacde83c806a0f008ece567b7b";
|
||||
|
||||
mobile-nixos = {
|
||||
url = "github:lytedev/mobile-nixos";
|
||||
flake = false;
|
||||
};
|
||||
};
|
||||
|
||||
nixConfig = {
|
||||
|
@ -41,7 +49,7 @@
|
|||
"https://cache.nixos.org/"
|
||||
"https://helix.cachix.org"
|
||||
"https://nix-community.cachix.org"
|
||||
# "https://nix.h.lyte.dev"
|
||||
"https://nix.h.lyte.dev"
|
||||
"https://hyprland.cachix.org"
|
||||
];
|
||||
|
||||
|
@ -66,6 +74,8 @@
|
|||
home-manager-unstable,
|
||||
helix,
|
||||
hardware,
|
||||
jovian,
|
||||
mobile-nixos,
|
||||
# nnf,
|
||||
# hyprland,
|
||||
slippi,
|
||||
|
@ -88,24 +98,30 @@
|
|||
pkg = callee: overrides: genPkgs (pkgs: pkgs.callPackage callee overrides);
|
||||
};
|
||||
|
||||
style = {
|
||||
colors = (import ./lib/colors.nix {inherit (nixpkgs) lib;}).schemes.catppuccin-mocha-sapphire;
|
||||
|
||||
# font = {
|
||||
# name = "IosevkaLyteTerm";
|
||||
# size = 12;
|
||||
# };
|
||||
font = {
|
||||
name = "IosevkaLyteTerm";
|
||||
size = 12;
|
||||
};
|
||||
};
|
||||
|
||||
# moduleArgs = {
|
||||
# # inherit colors font;
|
||||
# inherit helix slippi hyprland hardware disko home-manager;
|
||||
# inherit (outputs) nixosModules homeManagerModules diskoConfigurations overlays;
|
||||
# };
|
||||
/*
|
||||
moduleArgs = {
|
||||
# inherit style;
|
||||
inherit helix slippi hyprland hardware disko home-manager;
|
||||
inherit (outputs) nixosModules homeManagerModules diskoConfigurations overlays;
|
||||
};
|
||||
*/
|
||||
|
||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev";
|
||||
in {
|
||||
# kind of a quirk, but package definitions are actually in the "additions"
|
||||
# overlay I did this to work around some recursion problems
|
||||
# TODO: https://discourse.nixos.org/t/infinite-recursion-getting-started-with-overlays/48880
|
||||
/*
|
||||
kind of a quirk, but package definitions are actually in the "additions"
|
||||
overlay I did this to work around some recursion problems
|
||||
TODO: https://discourse.nixos.org/t/infinite-recursion-getting-started-with-overlays/48880
|
||||
*/
|
||||
packages = genPkgs (pkgs: {inherit (pkgs) iosevkaLyteTerm iosevkaLyteTermSubset nix-base-container-image;});
|
||||
diskoConfigurations = import ./disko {inherit (nixpkgs) lib;};
|
||||
templates = import ./templates;
|
||||
|
@ -219,10 +235,12 @@
|
|||
in rec {
|
||||
helix = helix.outputs.packages.${prev.system}.helix;
|
||||
final.helix = helix;
|
||||
# TODO: would love to use a current wezterm build so I can make use of ssh/mux functionality without breakage
|
||||
# source: https://github.com/wez/wezterm/issues/3771
|
||||
# not-yet-merged (abandoned?): https://github.com/wez/wezterm/pull/4737
|
||||
# I did try using the latest code via the flake, but alas it did not resolve my issues with mux'ing
|
||||
/*
|
||||
TODO: would love to use a current wezterm build so I can make use of ssh/mux functionality without breakage
|
||||
source: https://github.com/wez/wezterm/issues/3771
|
||||
not-yet-merged (abandoned?): https://github.com/wez/wezterm/pull/4737
|
||||
I did try using the latest code via the flake, but alas it did not resolve my issues with mux'ing
|
||||
*/
|
||||
wezterm = wezterm-input.outputs.packages.${prev.system}.default;
|
||||
final.wezterm = wezterm;
|
||||
};
|
||||
|
@ -236,12 +254,12 @@
|
|||
};
|
||||
|
||||
nixosModules = import ./modules/nixos {
|
||||
inherit home-manager home-manager-unstable helix nixosModules homeManagerModules pubkey overlays colors sops-nix disko;
|
||||
inherit home-manager home-manager-unstable helix nixosModules homeManagerModules pubkey overlays style sops-nix disko;
|
||||
flakeInputs = self.inputs;
|
||||
};
|
||||
|
||||
homeManagerModules = import ./modules/home-manager {
|
||||
inherit home-manager home-manager-unstable helix nixosModules homeManagerModules pubkey overlays colors;
|
||||
inherit home-manager home-manager-unstable helix nixosModules homeManagerModules pubkey overlays style;
|
||||
inherit (nixpkgs) lib;
|
||||
flakeInputs = self.inputs;
|
||||
};
|
||||
|
@ -266,9 +284,12 @@
|
|||
};
|
||||
}
|
||||
|
||||
family-users
|
||||
common
|
||||
podman
|
||||
troubleshooting-tools
|
||||
virtual-machines
|
||||
virtual-machines-gui
|
||||
linux
|
||||
fonts
|
||||
|
||||
|
@ -289,10 +310,23 @@
|
|||
password-manager
|
||||
wifi
|
||||
graphical-workstation
|
||||
virtual-machines
|
||||
virtual-machines-gui
|
||||
music-production
|
||||
gaming
|
||||
slippi.nixosModules.default
|
||||
|
||||
outputs.nixosModules.deno-netlify-ddns-client
|
||||
|
||||
{
|
||||
services.deno-netlify-ddns-client = {
|
||||
enable = true;
|
||||
username = "dragon.h";
|
||||
# TODO: router doesn't even do ipv6 yet...
|
||||
ipv6 = false;
|
||||
};
|
||||
}
|
||||
|
||||
./nixos/dragon.nix
|
||||
|
||||
{
|
||||
|
@ -344,10 +378,10 @@
|
|||
home-manager-defaults
|
||||
|
||||
hardware.nixosModules.common-pc-ssd
|
||||
|
||||
common
|
||||
gaming
|
||||
graphical-workstation
|
||||
plasma6
|
||||
|
||||
./nixos/htpc.nix
|
||||
|
||||
|
@ -361,6 +395,37 @@
|
|||
];
|
||||
};
|
||||
|
||||
steamdeck1 = nixpkgs-unstable.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = with nixosModules; [
|
||||
home-manager-unstable-defaults
|
||||
|
||||
outputs.diskoConfigurations.standard
|
||||
hardware.nixosModules.common-pc-ssd
|
||||
common
|
||||
gaming
|
||||
graphical-workstation
|
||||
plasma6
|
||||
|
||||
jovian.outputs.nixosModules.jovian
|
||||
|
||||
{
|
||||
networking.hostName = "steamdeck1";
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
hardware.bluetooth.enable = true;
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
home-manager.users.daniel = {
|
||||
imports = with homeManagerModules; [
|
||||
firefox-no-tabs
|
||||
linux-desktop-environment-config
|
||||
];
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
foxtrot = nixpkgs-unstable.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = with nixosModules; [
|
||||
|
@ -370,10 +435,14 @@
|
|||
hardware.nixosModules.framework-13-7040-amd
|
||||
|
||||
common
|
||||
kde-connect
|
||||
password-manager
|
||||
graphical-workstation
|
||||
virtual-machines
|
||||
virtual-machines-gui
|
||||
laptop
|
||||
gaming
|
||||
cross-compiler
|
||||
|
||||
./nixos/foxtrot.nix
|
||||
|
||||
|
@ -398,6 +467,24 @@
|
|||
modprobe -v mt7921e
|
||||
'';
|
||||
})
|
||||
(writeShellApplication
|
||||
{
|
||||
name = "perfmode";
|
||||
# we use command -v $cmd here because we only want to invoke these calls _if_ the related package is installed on the system
|
||||
# otherwise, they will likely have no effect anyways
|
||||
text = ''
|
||||
command -v powerprofilesctl &>/dev/null && bash -x -c 'powerprofilesctl set performance'
|
||||
command -v swaymsg &>/dev/null && bash -x -c 'swaymsg output eDP-1 mode 2880x1920@120Hz'
|
||||
'';
|
||||
})
|
||||
(writeShellApplication
|
||||
{
|
||||
name = "battmode";
|
||||
text = ''
|
||||
command -v powerprofilesctl &>/dev/null && bash -x -c 'powerprofilesctl set power-saver'
|
||||
command -v swaymsg &>/dev/null && bash -x -c 'swaymsg output eDP-1 mode 2880x1920@60Hz'
|
||||
'';
|
||||
})
|
||||
];
|
||||
})
|
||||
];
|
||||
|
@ -434,33 +521,35 @@
|
|||
];
|
||||
};
|
||||
|
||||
# grablet = nixpkgs.lib.nixosSystem {
|
||||
# system = "x86_64-linux";
|
||||
# modules = with nixosModules; [
|
||||
# common
|
||||
/*
|
||||
grablet = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = with nixosModules; [
|
||||
common
|
||||
|
||||
# outputs.diskoConfigurations.standard
|
||||
# hardware.nixosModules.common-cpu-intel-kaby-lake
|
||||
# hardware.nixosModules.common-pc-laptopp-ssd
|
||||
# graphical-workstation
|
||||
# laptop
|
||||
# gaming
|
||||
outputs.diskoConfigurations.standard
|
||||
hardware.nixosModules.common-cpu-intel-kaby-lake
|
||||
hardware.nixosModules.common-pc-laptopp-ssd
|
||||
graphical-workstation
|
||||
laptop
|
||||
gaming
|
||||
|
||||
# ./nixos/thablet.nix
|
||||
./nixos/thablet.nix
|
||||
|
||||
# {
|
||||
# home-manager.users.daniel = {
|
||||
# imports = with homeManagerModules; [
|
||||
# iex
|
||||
# cargo
|
||||
# linux-desktop-environment-config
|
||||
# ];
|
||||
# };
|
||||
{
|
||||
home-manager.users.daniel = {
|
||||
imports = with homeManagerModules; [
|
||||
iex
|
||||
cargo
|
||||
linux-desktop-environment-config
|
||||
];
|
||||
};
|
||||
|
||||
# powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
|
||||
# }
|
||||
# ];
|
||||
# };
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
|
||||
}
|
||||
];
|
||||
};
|
||||
*/
|
||||
|
||||
thinker = nixpkgs-unstable.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
|
@ -558,16 +647,116 @@
|
|||
linux
|
||||
troubleshooting-tools
|
||||
|
||||
# NOTE: maybe use this someday, but I think I need more concrete
|
||||
# networking knowledge before I know how to use it well. Additionally,
|
||||
# I can use my existing firewall configuration more easily if I manage
|
||||
# it directly.
|
||||
# nnf.nixosModules.default
|
||||
outputs.nixosModules.deno-netlify-ddns-client
|
||||
|
||||
{
|
||||
services.deno-netlify-ddns-client = {
|
||||
enable = true;
|
||||
username = "router.h";
|
||||
# TODO: ipv6
|
||||
ipv6 = false;
|
||||
};
|
||||
}
|
||||
|
||||
/*
|
||||
NOTE: maybe use this someday, but I think I need more concrete
|
||||
networking knowledge before I know how to use it well. Additionally,
|
||||
I can use my existing firewall configuration more easily if I manage
|
||||
it directly.
|
||||
nnf.nixosModules.default
|
||||
*/
|
||||
|
||||
./nixos/router.nix
|
||||
];
|
||||
};
|
||||
|
||||
# pinephone-image =
|
||||
# (import "${mobile-nixos}/lib/eval-with-configuration.nix" {
|
||||
# configuration = with nixosModules; [
|
||||
# linux
|
||||
# home-manager-defaults
|
||||
|
||||
# # outputs.diskoConfigurations.unencrypted # can I even disko with an image-based installation?
|
||||
# common
|
||||
# wifi
|
||||
|
||||
# # TODO: how do I get a minimally useful mobile environment?
|
||||
# # for me, this means an on-screen keyboard and suspend support I think?
|
||||
# # I can live in a tty if needed and graphical stuff can all evolve later
|
||||
# # not worried about modem
|
||||
# # maybe/hopefully I can pull in or define my own sxmo via nix?
|
||||
# ];
|
||||
# device = "pine64-pinephone";
|
||||
# pkgs = pkgsFor "aarch64-linux";
|
||||
# })
|
||||
# .outputs
|
||||
# .disk-image;
|
||||
|
||||
pinephone = let
|
||||
inherit (nixpkgs-unstable) lib;
|
||||
in
|
||||
lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
# lib.nixosSystem {
|
||||
|
||||
modules = with nixosModules; [
|
||||
{
|
||||
imports = [
|
||||
(import "${mobile-nixos}/lib/configuration.nix" {
|
||||
device = "pine64-pinephone";
|
||||
})
|
||||
];
|
||||
|
||||
# nixpkgs.hostPlatform.system = "aarch64-linux";
|
||||
nixpkgs.buildPlatform = "x86_64-linux";
|
||||
|
||||
# TODO: quirk: since the pinephone kernel doesn't seem to have "rpfilter" support, firewall ain't working
|
||||
networking.firewall.enable = lib.mkForce false;
|
||||
|
||||
# TODO: quirk: since git send-email requires perl support, which we don't seem to have on the pinephone, we're just disabling git for now
|
||||
# TODO: would likely be easier/better to somehow ignore the assertion? probably a way to do that...
|
||||
programs.git.enable = lib.mkForce false;
|
||||
|
||||
# this option is conflicted, presumably due to some assumption in my defaults/common config
|
||||
# the sd-image module we're importing above has this set to true, so we better go with that?
|
||||
# that said, I think the mobile-nixos bootloader module has this set to false, so...
|
||||
# TODO: what does this mean?
|
||||
boot.loader.generic-extlinux-compatible.enable = lib.mkForce true;
|
||||
|
||||
# another conflicting option since I think I default to NetworkManager and this conflicts with networking.wireless.enable
|
||||
networking.networkmanager.enable = lib.mkForce false;
|
||||
networking.wireless.enable = lib.mkForce true;
|
||||
}
|
||||
|
||||
# TODO: how do I build this as a .img to flash to an SD card?
|
||||
|
||||
# for testing, this seems to work `nixos-rebuild build --impure --flake .#pinephone`
|
||||
|
||||
# TODO: would like to use the mobile-nixos installer?
|
||||
"${nixpkgs-unstable}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix"
|
||||
|
||||
linux
|
||||
home-manager-unstable-defaults
|
||||
|
||||
# outputs.diskoConfigurations.unencrypted # can I even disko with an image-based installation?
|
||||
common
|
||||
wifi
|
||||
|
||||
{
|
||||
system.stateVersion = "24.11";
|
||||
}
|
||||
|
||||
{
|
||||
# nixpkgs.buildPlatform = "x86_64-linux";
|
||||
# nixpkgs.hostPlatform = lib.systems.examples.aarch64-multiplatform;
|
||||
# nixpkgs.localSystem.system = lib.systems.examples.x86_64-linux;
|
||||
# nixpkgs.crossSystem = lib.mkForce null;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
images.pinephone = outputs.nixosConfigurations.pinephone.config.system.build.sdImage;
|
||||
|
||||
homeConfigurations = {
|
||||
"deck" = let
|
||||
|
@ -596,8 +785,10 @@
|
|||
};
|
||||
};
|
||||
|
||||
# TODO: nix-on-droid for phone terminal usage?
|
||||
# TODO: nix-darwin for work?
|
||||
# TODO: nixos ISO?
|
||||
/*
|
||||
TODO: nix-on-droid for phone terminal usage? mobile-nixos?
|
||||
TODO: nix-darwin for work?
|
||||
TODO: nixos ISO?
|
||||
*/
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
colors,
|
||||
style,
|
||||
lib,
|
||||
flakeInputs,
|
||||
homeManagerModules,
|
||||
|
@ -16,16 +16,18 @@
|
|||
config = {
|
||||
theme = "ansi";
|
||||
};
|
||||
# themes = {
|
||||
# "Catppuccin-mocha" = builtins.readFile (pkgs.fetchFromGitHub
|
||||
# {
|
||||
# owner = "catppuccin";
|
||||
# repo = "bat";
|
||||
# rev = "477622171ec0529505b0ca3cada68fc9433648c6";
|
||||
# sha256 = "6WVKQErGdaqb++oaXnY3i6/GuH2FhTgK0v4TN4Y0Wbw=";
|
||||
# }
|
||||
# + "/Catppuccin-mocha.tmTheme");
|
||||
# };
|
||||
/*
|
||||
themes = {
|
||||
"Catppuccin-mocha" = builtins.readFile (pkgs.fetchFromGitHub
|
||||
{
|
||||
owner = "catppuccin";
|
||||
repo = "bat";
|
||||
rev = "477622171ec0529505b0ca3cada68fc9433648c6";
|
||||
sha256 = "6WVKQErGdaqb++oaXnY3i6/GuH2FhTgK0v4TN4Y0Wbw=";
|
||||
}
|
||||
+ "/Catppuccin-mocha.tmTheme");
|
||||
};
|
||||
*/
|
||||
};
|
||||
|
||||
home.shellAliases = {
|
||||
|
@ -38,8 +40,10 @@
|
|||
emacs = {pkgs, ...}: {
|
||||
programs.emacs = {
|
||||
enable = true;
|
||||
# extraConfig = ''
|
||||
# '';
|
||||
/*
|
||||
extraConfig = ''
|
||||
'';
|
||||
*/
|
||||
extraPackages = epkgs: (with epkgs; [
|
||||
magit
|
||||
]);
|
||||
|
@ -61,9 +65,11 @@
|
|||
'';
|
||||
};
|
||||
|
||||
# home.sessionVariables = {
|
||||
# RUSTDOCFLAGS = "--default-theme=ayu";
|
||||
# };
|
||||
/*
|
||||
home.sessionVariables = {
|
||||
RUSTDOCFLAGS = "--default-theme=ayu";
|
||||
};
|
||||
*/
|
||||
};
|
||||
|
||||
common = {
|
||||
|
@ -79,10 +85,13 @@
|
|||
homeManagerModules.helix
|
||||
git
|
||||
zellij
|
||||
# broot
|
||||
# nnn
|
||||
htop
|
||||
# tmux
|
||||
|
||||
/*
|
||||
broot
|
||||
nnn
|
||||
tmux
|
||||
*/
|
||||
];
|
||||
|
||||
programs.home-manager.enable = true;
|
||||
|
@ -158,10 +167,12 @@
|
|||
programs.fzf = {
|
||||
# using good ol' fzf until skim sucks less out of the box I guess
|
||||
enable = true;
|
||||
# enableFishIntegration = true;
|
||||
# defaultCommand = "fd --type f";
|
||||
# defaultOptions = ["--height 40%"];
|
||||
# fileWidgetOptions = ["--preview 'head {}'"];
|
||||
/*
|
||||
enableFishIntegration = true;
|
||||
defaultCommand = "fd --type f";
|
||||
defaultOptions = ["--height 40%"];
|
||||
fileWidgetOptions = ["--preview 'head {}'"];
|
||||
*/
|
||||
};
|
||||
|
||||
# TODO: regular cron or something?
|
||||
|
@ -184,8 +195,10 @@
|
|||
|
||||
firefox = {pkgs, ...}: {
|
||||
programs.firefox = {
|
||||
# TODO: this should be able to work on macos, no?
|
||||
# TODO: enable dark theme by default
|
||||
/*
|
||||
TODO: this should be able to work on macos, no?
|
||||
TODO: enable color scheme/theme by default
|
||||
*/
|
||||
enable = true;
|
||||
|
||||
# TODO: uses nixpkgs.pass so pass otp doesn't work
|
||||
|
@ -196,9 +209,11 @@
|
|||
];
|
||||
};
|
||||
|
||||
# extensions = with pkgs.nur.repos.rycee.firefox-addons; [
|
||||
# ublock-origin
|
||||
# ]; # TODO: would be nice to have _all_ my firefox stuff managed here instead of Firefox Sync maybe?
|
||||
/*
|
||||
extensions = with pkgs.nur.repos.rycee.firefox-addons; [
|
||||
ublock-origin
|
||||
]; # TODO: would be nice to have _all_ my firefox stuff managed here instead of Firefox Sync maybe?
|
||||
*/
|
||||
|
||||
profiles = {
|
||||
daniel = {
|
||||
|
@ -221,8 +236,10 @@
|
|||
}
|
||||
'';
|
||||
|
||||
# userContent = ''
|
||||
# '';
|
||||
/*
|
||||
userContent = ''
|
||||
'';
|
||||
*/
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -360,10 +377,12 @@
|
|||
enable = true;
|
||||
};
|
||||
|
||||
# signing = {
|
||||
# signByDefault = false;
|
||||
# key = ~/.ssh/personal-ed25519;
|
||||
# };
|
||||
/*
|
||||
signing = {
|
||||
signByDefault = false;
|
||||
key = ~/.ssh/personal-ed25519;
|
||||
};
|
||||
*/
|
||||
|
||||
aliases = {
|
||||
a = "add -A";
|
||||
|
@ -487,11 +506,13 @@
|
|||
'';
|
||||
};
|
||||
|
||||
# NOTE: Currently, helix crashes when editing markdown in certain scenarios,
|
||||
# presumably due to an old markdown treesitter grammar
|
||||
# https://github.com/helix-editor/helix/issues/9011
|
||||
# https://github.com/helix-editor/helix/issues/8821
|
||||
# https://github.com/tree-sitter-grammars/tree-sitter-markdown/issues/114
|
||||
/*
|
||||
NOTE: Currently, helix crashes when editing markdown in certain scenarios,
|
||||
presumably due to an old markdown treesitter grammar
|
||||
https://github.com/helix-editor/helix/issues/9011
|
||||
https://github.com/helix-editor/helix/issues/8821
|
||||
https://github.com/tree-sitter-grammars/tree-sitter-markdown/issues/114
|
||||
*/
|
||||
|
||||
programs.helix = {
|
||||
enable = true;
|
||||
|
@ -503,41 +524,45 @@
|
|||
args = ["start"];
|
||||
};
|
||||
|
||||
# next-ls = {
|
||||
# command = "next-ls";
|
||||
# args = ["--stdout"];
|
||||
# };
|
||||
/*
|
||||
next-ls = {
|
||||
command = "next-ls";
|
||||
args = ["--stdout"];
|
||||
};
|
||||
|
||||
# deno = {
|
||||
# command = "deno";
|
||||
# args = ["lsp"];
|
||||
# config = {
|
||||
# enable = true;
|
||||
# lint = true;
|
||||
# unstable = true;
|
||||
# };
|
||||
# };
|
||||
deno = {
|
||||
command = "deno";
|
||||
args = ["lsp"];
|
||||
config = {
|
||||
enable = true;
|
||||
lint = true;
|
||||
unstable = true;
|
||||
};
|
||||
};
|
||||
*/
|
||||
};
|
||||
|
||||
language = [
|
||||
# {
|
||||
# name = "heex";
|
||||
# scope = "source.heex";
|
||||
# injection-regex = "heex";
|
||||
# language-servers = ["lexical"]; # "lexical" "next-ls" ?
|
||||
# auto-format = true;
|
||||
# file-types = ["heex"];
|
||||
# roots = ["mix.exs" "mix.lock"];
|
||||
# indent = {
|
||||
# tab-width = 2;
|
||||
# unit = " ";
|
||||
# };
|
||||
# }
|
||||
# {
|
||||
# name = "elixir";
|
||||
# language-servers = ["lexical"]; # "lexical" "next-ls" ?
|
||||
# auto-format = true;
|
||||
# }
|
||||
/*
|
||||
{
|
||||
name = "heex";
|
||||
scope = "source.heex";
|
||||
injection-regex = "heex";
|
||||
language-servers = ["lexical"]; # "lexical" "next-ls" ?
|
||||
auto-format = true;
|
||||
file-types = ["heex"];
|
||||
roots = ["mix.exs" "mix.lock"];
|
||||
indent = {
|
||||
tab-width = 2;
|
||||
unit = " ";
|
||||
};
|
||||
}
|
||||
{
|
||||
name = "elixir";
|
||||
language-servers = ["lexical"]; # "lexical" "next-ls" ?
|
||||
auto-format = true;
|
||||
}
|
||||
*/
|
||||
{
|
||||
name = "rust";
|
||||
|
||||
|
@ -596,65 +621,67 @@
|
|||
auto-format = true;
|
||||
}
|
||||
|
||||
# {
|
||||
# name = "javascript";
|
||||
# language-id = "javascript";
|
||||
# grammar = "javascript";
|
||||
# scope = "source.js";
|
||||
# injection-regex = "^(js|javascript)$";
|
||||
# file-types = ["js" "mjs"];
|
||||
# shebangs = ["deno"];
|
||||
# language-servers = ["deno"];
|
||||
# roots = ["deno.jsonc" "deno.json"];
|
||||
# formatter = {
|
||||
# command = "deno";
|
||||
# args = ["fmt"];
|
||||
# };
|
||||
# auto-format = true;
|
||||
# comment-token = "//";
|
||||
# indent = {
|
||||
# tab-width = 2;
|
||||
# unit = "\t";
|
||||
# };
|
||||
# }
|
||||
/*
|
||||
{
|
||||
name = "javascript";
|
||||
language-id = "javascript";
|
||||
grammar = "javascript";
|
||||
scope = "source.js";
|
||||
injection-regex = "^(js|javascript)$";
|
||||
file-types = ["js" "mjs"];
|
||||
shebangs = ["deno"];
|
||||
language-servers = ["deno"];
|
||||
roots = ["deno.jsonc" "deno.json"];
|
||||
formatter = {
|
||||
command = "deno";
|
||||
args = ["fmt"];
|
||||
};
|
||||
auto-format = true;
|
||||
comment-token = "//";
|
||||
indent = {
|
||||
tab-width = 2;
|
||||
unit = "\t";
|
||||
};
|
||||
}
|
||||
|
||||
# {
|
||||
# name = "typescript";
|
||||
# language-id = "typescript";
|
||||
# grammar = "typescript";
|
||||
# scope = "source.ts";
|
||||
# injection-regex = "^(ts|typescript)$";
|
||||
# file-types = ["ts"];
|
||||
# shebangs = ["deno"];
|
||||
# language-servers = ["deno"];
|
||||
# roots = ["deno.jsonc" "deno.json"];
|
||||
# formatter = {
|
||||
# command = "deno";
|
||||
# args = ["fmt"];
|
||||
# };
|
||||
# auto-format = true;
|
||||
# comment-token = "//";
|
||||
# indent = {
|
||||
# tab-width = 2;
|
||||
# unit = "\t";
|
||||
# };
|
||||
# }
|
||||
{
|
||||
name = "typescript";
|
||||
language-id = "typescript";
|
||||
grammar = "typescript";
|
||||
scope = "source.ts";
|
||||
injection-regex = "^(ts|typescript)$";
|
||||
file-types = ["ts"];
|
||||
shebangs = ["deno"];
|
||||
language-servers = ["deno"];
|
||||
roots = ["deno.jsonc" "deno.json"];
|
||||
formatter = {
|
||||
command = "deno";
|
||||
args = ["fmt"];
|
||||
};
|
||||
auto-format = true;
|
||||
comment-token = "//";
|
||||
indent = {
|
||||
tab-width = 2;
|
||||
unit = "\t";
|
||||
};
|
||||
}
|
||||
|
||||
# {
|
||||
# name = "jsonc";
|
||||
# language-id = "json";
|
||||
# grammar = "jsonc";
|
||||
# scope = "source.jsonc";
|
||||
# injection-regex = "^(jsonc)$";
|
||||
# roots = ["deno.jsonc" "deno.json"];
|
||||
# file-types = ["jsonc"];
|
||||
# language-servers = ["deno"];
|
||||
# indent = {
|
||||
# tab-width = 2;
|
||||
# unit = " ";
|
||||
# };
|
||||
# auto-format = true;
|
||||
# }
|
||||
{
|
||||
name = "jsonc";
|
||||
language-id = "json";
|
||||
grammar = "jsonc";
|
||||
scope = "source.jsonc";
|
||||
injection-regex = "^(jsonc)$";
|
||||
roots = ["deno.jsonc" "deno.json"];
|
||||
file-types = ["jsonc"];
|
||||
language-servers = ["deno"];
|
||||
indent = {
|
||||
tab-width = 2;
|
||||
unit = " ";
|
||||
};
|
||||
auto-format = true;
|
||||
}
|
||||
*/
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -664,14 +691,17 @@
|
|||
editor = {
|
||||
soft-wrap.enable = true;
|
||||
auto-pairs = false;
|
||||
# auto-save = false;
|
||||
# completion-trigger-len = 1;
|
||||
# color-modes = false;
|
||||
bufferline = "multiple";
|
||||
# scrolloff = 8;
|
||||
rulers = [81 121];
|
||||
cursorline = true;
|
||||
|
||||
/*
|
||||
auto-save = false;
|
||||
completion-trigger-len = 1;
|
||||
color-modes = false;
|
||||
scrolloff = 8;
|
||||
*/
|
||||
|
||||
inline-diagnostics = {
|
||||
cursor-line = "hint";
|
||||
other-lines = "error";
|
||||
|
@ -703,18 +733,21 @@
|
|||
left = [
|
||||
"file-name"
|
||||
"mode"
|
||||
# "selections"
|
||||
# "primary-selection-length"
|
||||
# "position"
|
||||
# "position-percentage"
|
||||
/*
|
||||
"selections"
|
||||
"primary-selection-length"
|
||||
"position"
|
||||
"position-percentage"
|
||||
*/
|
||||
"spinner"
|
||||
"diagnostics"
|
||||
"workspace-diagnostics"
|
||||
];
|
||||
/*
|
||||
center = ["file-name"];
|
||||
right = ["version-control" "total-line-numbers" "file-encoding"];
|
||||
*/
|
||||
};
|
||||
# center = ["file-name"];
|
||||
# right = ["version-control" "total-line-numbers" "file-encoding"];
|
||||
# };
|
||||
};
|
||||
keys = {
|
||||
insert = {
|
||||
|
@ -752,7 +785,7 @@
|
|||
};
|
||||
};
|
||||
|
||||
themes = with colors.withHashPrefix; {
|
||||
themes = with style.colors.withHashPrefix; {
|
||||
custom = {
|
||||
"type" = orange;
|
||||
|
||||
|
@ -984,8 +1017,10 @@
|
|||
fg = fgdim;
|
||||
};
|
||||
|
||||
# "ui.cursorline.primary" = { bg = "default" }
|
||||
# "ui.cursorline.secondary" = { bg = "default" }
|
||||
/*
|
||||
"ui.cursorline.primary" = { bg = "default" }
|
||||
"ui.cursorline.secondary" = { bg = "default" }
|
||||
*/
|
||||
"ui.cursorcolumn.primary" = {bg = bg3;};
|
||||
"ui.cursorcolumn.secondary" = {bg = bg3;};
|
||||
|
||||
|
@ -1006,15 +1041,17 @@
|
|||
programs.htop = {
|
||||
enable = true;
|
||||
settings = {
|
||||
# hide_kernel_threads = 1;
|
||||
# hide_userland_threads = 1;
|
||||
# show_program_path = 0;
|
||||
# header_margin = 0;
|
||||
# show_cpu_frequency = 1;
|
||||
# highlight_base_name = 1;
|
||||
# tree_view = 0;
|
||||
# htop_version = "3.2.2";
|
||||
# config_reader_min_version = 3;
|
||||
/*
|
||||
hide_kernel_threads = 1;
|
||||
hide_userland_threads = 1;
|
||||
show_program_path = 0;
|
||||
header_margin = 0;
|
||||
show_cpu_frequency = 1;
|
||||
highlight_base_name = 1;
|
||||
tree_view = 0;
|
||||
htop_version = "3.2.2";
|
||||
config_reader_min_version = 3;
|
||||
*/
|
||||
fields = "0 48 17 18 38 39 40 2 46 47 49 1";
|
||||
hide_kernel_threads = 1;
|
||||
hide_userland_threads = 1;
|
||||
|
@ -1057,22 +1094,26 @@
|
|||
tree_sort_direction = 1;
|
||||
tree_view_always_by_pid = 0;
|
||||
all_branches_collapsed = 0;
|
||||
# screen:Main=PID USER PRIORITY NICE M_VIRT M_RESIDENT M_SHARE STATE PERCENT_CPU PERCENT_MEM TIME Command
|
||||
# .sort_key=PERCENT_MEM
|
||||
# .tree_sort_key=PID
|
||||
# .tree_view=0
|
||||
# .tree_view_always_by_pid=0
|
||||
# .sort_direction=-1
|
||||
# .tree_sort_direction=1
|
||||
# .all_branches_collapsed=0
|
||||
# screen:I/O=PID USER IO_PRIORITY IO_RATE IO_READ_RATE IO_WRITE_RATE Command
|
||||
# .sort_key=IO_RATE
|
||||
# .tree_sort_key=PID
|
||||
# .tree_view=0
|
||||
# .tree_view_always_by_pid=0
|
||||
# .sort_direction=-1
|
||||
# .tree_sort_direction=1
|
||||
# .all_branches_collapsed=0
|
||||
|
||||
/*
|
||||
screen:Main=PID USER PRIORITY NICE M_VIRT M_RESIDENT M_SHARE STATE PERCENT_CPU PERCENT_MEM TIME Command
|
||||
.sort_key=PERCENT_MEM
|
||||
.tree_sort_key=PID
|
||||
.tree_view=0
|
||||
.tree_view_always_by_pid=0
|
||||
.sort_direction=-1
|
||||
.tree_sort_direction=1
|
||||
.all_branches_collapsed=0
|
||||
|
||||
screen:I/O=PID USER IO_PRIORITY IO_RATE IO_READ_RATE IO_WRITE_RATE Command
|
||||
.sort_key=IO_RATE
|
||||
.tree_sort_key=PID
|
||||
.tree_view=0
|
||||
.tree_view_always_by_pid=0
|
||||
.sort_direction=-1
|
||||
.tree_sort_direction=1
|
||||
.all_branches_collapsed=0
|
||||
*/
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -1164,15 +1205,26 @@
|
|||
];
|
||||
|
||||
gtk.theme = {
|
||||
name = "Catppuccin-Mocha-Compact-Sapphire-Dark";
|
||||
package = pkgs.catppuccin-gtk.override {
|
||||
accents = ["sapphire"];
|
||||
size = "compact";
|
||||
tweaks = ["rimless"];
|
||||
variant = "mocha";
|
||||
};
|
||||
name = "catppuccin-mocha-blue-compact+default";
|
||||
package =
|
||||
(pkgs.catppuccin-gtk.overrideAttrs {
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "catppuccin";
|
||||
repo = "gtk";
|
||||
rev = "v1.0.3";
|
||||
fetchSubmodules = true;
|
||||
hash = "sha256-q5/VcFsm3vNEw55zq/vcM11eo456SYE5TQA3g2VQjGc=";
|
||||
};
|
||||
|
||||
postUnpack = "";
|
||||
})
|
||||
.override
|
||||
{
|
||||
accents = ["sapphire"];
|
||||
variant = "mocha";
|
||||
size = "compact";
|
||||
};
|
||||
};
|
||||
home.pointerCursor = {
|
||||
name = "Bibata-Modern-Classic";
|
||||
package = pkgs.bibata-cursors;
|
||||
|
@ -1188,7 +1240,7 @@
|
|||
];
|
||||
};
|
||||
|
||||
# mako = {};
|
||||
mako = {};
|
||||
|
||||
# nnn = {};
|
||||
|
||||
|
@ -1218,7 +1270,7 @@
|
|||
programs.senpai = {
|
||||
enable = true;
|
||||
config = {
|
||||
address = "irc+insecure://beefcake:6667";
|
||||
address = "irc+insecure://beefcake.hare-cod.ts.net:6667";
|
||||
nickname = "lytedev";
|
||||
password-cmd = ["pass" "soju"];
|
||||
};
|
||||
|
@ -1234,12 +1286,26 @@
|
|||
};
|
||||
};
|
||||
|
||||
# sway = {};
|
||||
# sway-laptop = {};
|
||||
# swaylock = {};
|
||||
# tmux = {};
|
||||
# wallpaper-manager = {};
|
||||
# waybar = {};
|
||||
sway = {
|
||||
imports = [
|
||||
{
|
||||
_module.args = {
|
||||
inherit style;
|
||||
};
|
||||
}
|
||||
./waybar.nix
|
||||
./swaylock.nix
|
||||
./sway.nix
|
||||
];
|
||||
};
|
||||
|
||||
/*
|
||||
sway-laptop = {};
|
||||
swaylock = {};
|
||||
tmux = {};
|
||||
wallpaper-manager = {};
|
||||
waybar = {};
|
||||
*/
|
||||
|
||||
wezterm = {
|
||||
pkgs,
|
||||
|
@ -1247,14 +1313,14 @@
|
|||
...
|
||||
}: {
|
||||
# docs: https://wezfurlong.org/wezterm/config/appearance.html#defining-your-own-colors
|
||||
programs.wezterm = with colors.withHashPrefix; {
|
||||
programs.wezterm = with style.colors.withHashPrefix; {
|
||||
enable = true;
|
||||
# package = pkgs.wezterm;
|
||||
extraConfig = builtins.readFile ./wezterm/config.lua;
|
||||
colorSchemes = {
|
||||
catppuccin-mocha-sapphire = {
|
||||
ansi = map (x: colors.withHashPrefix.${toString x}) (pkgs.lib.lists.range 0 7);
|
||||
brights = map (x: colors.withHashPrefix.${toString (x + 8)}) (pkgs.lib.lists.range 0 7);
|
||||
ansi = map (x: style.colors.withHashPrefix.${toString x}) (pkgs.lib.lists.range 0 7);
|
||||
brights = map (x: style.colors.withHashPrefix.${toString (x + 8)}) (pkgs.lib.lists.range 0 7);
|
||||
|
||||
foreground = fg;
|
||||
background = bg;
|
||||
|
@ -1303,15 +1369,17 @@
|
|||
|
||||
compose_cursor = orange;
|
||||
|
||||
# copy_mode_active_highlight_bg = { Color = '#000000' },
|
||||
# copy_mode_active_highlight_fg = { AnsiColor = 'Black' },
|
||||
# copy_mode_inactive_highlight_bg = { Color = '#52ad70' },
|
||||
# copy_mode_inactive_highlight_fg = { AnsiColor = 'White' },
|
||||
/*
|
||||
copy_mode_active_highlight_bg = { Color = '#000000' },
|
||||
copy_mode_active_highlight_fg = { AnsiColor = 'Black' },
|
||||
copy_mode_inactive_highlight_bg = { Color = '#52ad70' },
|
||||
copy_mode_inactive_highlight_fg = { AnsiColor = 'White' },
|
||||
|
||||
# quick_select_label_bg = { Color = 'peru' },
|
||||
# quick_select_label_fg = { Color = '#ffffff' },
|
||||
# quick_select_match_bg = { AnsiColor = 'Navy' },
|
||||
# quick_select_match_fg = { Color = '#ffffff' },
|
||||
quick_select_label_bg = { Color = 'peru' },
|
||||
quick_select_label_fg = { Color = '#ffffff' },
|
||||
quick_select_match_bg = { AnsiColor = 'Navy' },
|
||||
quick_select_match_fg = { Color = '#ffffff' },
|
||||
*/
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -1791,7 +1859,7 @@
|
|||
theme = "match";
|
||||
|
||||
themes = {
|
||||
match = with colors.withHashPrefix; {
|
||||
match = with style.colors.withHashPrefix; {
|
||||
fg = fg;
|
||||
bg = bg;
|
||||
|
||||
|
@ -1810,8 +1878,10 @@
|
|||
# TODO: port config
|
||||
|
||||
plugins = {
|
||||
# tab-bar = {path = "tab-bar";};
|
||||
# compact-bar = {path = "compact-bar";};
|
||||
/*
|
||||
tab-bar = {path = "tab-bar";};
|
||||
compact-bar = {path = "compact-bar";};
|
||||
*/
|
||||
};
|
||||
|
||||
ui = {
|
||||
|
|
|
@ -33,7 +33,7 @@ set --export --universal EXA_COLORS '*=0'
|
|||
|
||||
set --export --universal ERL_AFLAGS "-kernel shell_history enabled -kernel shell_history_file_bytes 1024000"
|
||||
|
||||
set --export --universal BROWSER firefox
|
||||
set --export --universal BROWSER (which firefox)
|
||||
|
||||
set --export --universal SOPS_AGE_KEY_FILE "$XDG_CONFIG_HOME/sops/age/keys.txt"
|
||||
|
||||
|
@ -42,6 +42,8 @@ if has_command skim
|
|||
set --export --universal SKIM_CTRL_T_COMMAND "fd --hidden"
|
||||
end
|
||||
|
||||
set --export --universal NEWT_COLORS "root=black,black:border=black,blue"
|
||||
|
||||
# colors
|
||||
set -U fish_color_normal normal # default color
|
||||
set -U fish_color_command white # base command being run (>ls< -la)
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
}: {
|
||||
imports = [
|
||||
./ewwbar.nix
|
||||
# ./mako.nix
|
||||
./mako.nix
|
||||
./swaylock.nix
|
||||
# TODO: figure out how to import this for this module _and_ for the sway module?
|
||||
./linux-desktop.nix
|
||||
|
@ -45,7 +45,7 @@
|
|||
|
||||
exec-once = [
|
||||
"hyprpaper"
|
||||
# "mako"
|
||||
"mako"
|
||||
"swayosd-server"
|
||||
"eww daemon && eww open bar$EWW_BAR_MON"
|
||||
"firefox"
|
||||
|
@ -88,9 +88,12 @@
|
|||
input = {
|
||||
kb_layout = "us";
|
||||
kb_options = "ctrl:nocaps";
|
||||
# kb_variant =
|
||||
# kb_model =
|
||||
# kb_rules =
|
||||
|
||||
/*
|
||||
kb_variant =
|
||||
kb_model =
|
||||
kb_rules =
|
||||
*/
|
||||
|
||||
follow_mouse = 2;
|
||||
|
||||
|
@ -131,10 +134,13 @@
|
|||
|
||||
decoration = {
|
||||
rounding = 3;
|
||||
# blur = "no";
|
||||
# blur_size = 3
|
||||
# blur_passes = 1
|
||||
# blur_new_optimizations = on
|
||||
|
||||
/*
|
||||
blur = "no";
|
||||
blur_size = 3
|
||||
blur_passes = 1
|
||||
blur_new_optimizations = on
|
||||
*/
|
||||
|
||||
drop_shadow = "yes";
|
||||
shadow_range = 4;
|
||||
|
@ -147,8 +153,10 @@
|
|||
"$mod" = "SUPER";
|
||||
bind = [
|
||||
# See https://wiki.hyprland.org/Configuring/Keywords/ for more
|
||||
# "$mod, return, exec, wezterm"
|
||||
# "$mod SHIFT, return, exec, wezterm"
|
||||
/*
|
||||
"$mod, return, exec, wezterm"
|
||||
"$mod SHIFT, return, exec, wezterm"
|
||||
*/
|
||||
"$mod, return, exec, wezterm"
|
||||
"$mod SHIFT, return, exec, kitty"
|
||||
"$mod, U, exec, firefox"
|
||||
|
@ -264,13 +272,13 @@
|
|||
workspace_swipe = on
|
||||
}
|
||||
|
||||
# Example per-device config
|
||||
# See https://wiki.hyprland.org/Configuring/Keywords/#executing for more
|
||||
# device:epic-mouse-v1 {
|
||||
# sensitivity = -0.5
|
||||
# }
|
||||
## Example per-device config
|
||||
## See https://wiki.hyprland.org/Configuring/Keywords/#executing for more
|
||||
## device:epic-mouse-v1 {
|
||||
## sensitivity = -0.5
|
||||
## }
|
||||
|
||||
# See https://wiki.hyprland.org/Configuring/Window-Rules/ for more
|
||||
## See https://wiki.hyprland.org/Configuring/Window-Rules/ for more
|
||||
windowrulev2 = idleinhibit,class:^.*([Ss]lippi).*$
|
||||
windowrulev2 = float,class:^.*([Kk]itty|[Ff]irefox|[Ww]ezterm|[Dd]iscord|[Ss]potify|[Ss]lack).*$
|
||||
windowrulev2 = opacity 1.0 0.9,floating:1
|
||||
|
|
|
@ -1,32 +0,0 @@
|
|||
{
|
||||
colors,
|
||||
font,
|
||||
...
|
||||
}: {
|
||||
services.mako = with colors.withHashPrefix; {
|
||||
enable = false;
|
||||
|
||||
anchor = "top-right";
|
||||
|
||||
extraConfig = ''
|
||||
border-size=1
|
||||
max-visible=5
|
||||
default-timeout=15000
|
||||
font=Symbols Nerd Font ${toString font.size},${font.name} ${toString font.size}
|
||||
anchor=top-right
|
||||
|
||||
background-color=${colors.bg}
|
||||
text-color=${colors.text}
|
||||
border-color=${colors.primary}
|
||||
progress-color=${colors.primary}
|
||||
|
||||
[urgency=high]
|
||||
border-color=${urgent}
|
||||
|
||||
[urgency=high]
|
||||
background-color=${urgent}
|
||||
border-color=${urgent}
|
||||
text-color=${bg}
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -1,5 +1,6 @@
|
|||
#!/usr/bin/env sh
|
||||
|
||||
umask 0077
|
||||
SUBDIR="${2:-./}"
|
||||
mkdir -p "$NOTES_PATH/$SUBDIR"
|
||||
cd "$NOTES_PATH/$SUBDIR" || exit 1
|
||||
|
|
127
modules/home-manager/scripts/common/bin/spark
Executable file
127
modules/home-manager/scripts/common/bin/spark
Executable file
|
@ -0,0 +1,127 @@
|
|||
#!/usr/bin/env bash
|
||||
#
|
||||
# spark
|
||||
# https://github.com/holman/spark
|
||||
#
|
||||
# Generates sparklines for a set of data.
|
||||
#
|
||||
# Here's a good web-based sparkline generator that was a bit of inspiration
|
||||
# for spark:
|
||||
#
|
||||
# https://datacollective.org/sparkblocks
|
||||
#
|
||||
# spark takes a comma-separated or space-separated list of data and then prints
|
||||
# a sparkline out of it.
|
||||
#
|
||||
# Examples:
|
||||
#
|
||||
# spark 1 5 22 13 53
|
||||
# # => ▁▁▃▂▇
|
||||
#
|
||||
# spark 0 30 55 80 33 150
|
||||
# # => ▁▂▃▅▂▇
|
||||
#
|
||||
# spark -h
|
||||
# # => Prints the spark help text.
|
||||
|
||||
# Generates sparklines.
|
||||
#
|
||||
# $1 - The data we'd like to graph.
|
||||
_echo()
|
||||
{
|
||||
if [ "X$1" = "X-n" ]; then
|
||||
shift
|
||||
printf "%s" "$*"
|
||||
else
|
||||
printf "%s\n" "$*"
|
||||
fi
|
||||
}
|
||||
|
||||
spark()
|
||||
{
|
||||
local n numbers=
|
||||
|
||||
# find min/max values
|
||||
local min=0xffffffff max=0
|
||||
|
||||
for n in ${@//,/ }
|
||||
do
|
||||
# on Linux (or with bash4) we could use `printf %.0f $n` here to
|
||||
# round the number but that doesn't work on OS X (bash3) nor does
|
||||
# `awk '{printf "%.0f",$1}' <<< $n` work, so just cut it off
|
||||
n=${n%.*}
|
||||
(( n < min )) && min=$n
|
||||
(( n > max )) && max=$n
|
||||
numbers=$numbers${numbers:+ }$n
|
||||
done
|
||||
|
||||
# print ticks
|
||||
local ticks=(▁ ▂ ▃ ▄ ▅ ▆ ▇ █)
|
||||
|
||||
# use a high tick if data is constant
|
||||
(( min == max )) && ticks=(▅ ▆)
|
||||
|
||||
local f=$(( (($max-$min)<<8)/(${#ticks[@]}-1) ))
|
||||
(( f < 1 )) && f=1
|
||||
|
||||
for n in $numbers
|
||||
do
|
||||
_echo -n ${ticks[$(( ((($n-$min)<<8)/$f) ))]}
|
||||
done
|
||||
_echo
|
||||
}
|
||||
|
||||
# If we're being sourced, don't worry about such things
|
||||
if [ "$BASH_SOURCE" == "$0" ]; then
|
||||
# Prints the help text for spark.
|
||||
help()
|
||||
{
|
||||
local spark=$(basename $0)
|
||||
cat <<EOF
|
||||
|
||||
USAGE:
|
||||
$spark [-h|--help] VALUE,...
|
||||
|
||||
EXAMPLES:
|
||||
$spark 1 5 22 13 53
|
||||
▁▁▃▂█
|
||||
$spark 0,30,55,80,33,150
|
||||
▁▂▃▄▂█
|
||||
echo 9 13 5 17 1 | $spark
|
||||
▄▆▂█▁
|
||||
EOF
|
||||
}
|
||||
|
||||
# show help for no arguments if stdin is a terminal
|
||||
if { [ -z "$1" ] && [ -t 0 ] ; } || [ "$1" == '-h' ] || [ "$1" == '--help' ]
|
||||
then
|
||||
help
|
||||
exit 0
|
||||
fi
|
||||
|
||||
spark ${@:-`cat`}
|
||||
fi
|
||||
|
||||
# source: https://github.com/holman/spark/commit/ab88ac6f8f33698f39ece2f109b1117ef39a68eb
|
||||
|
||||
# The MIT License
|
||||
#
|
||||
# Copyright (c) Zach Holman, https://zachholman.com
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
# of this software and associated documentation files (the "Software"), to deal
|
||||
# in the Software without restriction, including without limitation the rights
|
||||
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
# copies of the Software, and to permit persons to whom the Software is
|
||||
# furnished to do so, subject to the following conditions:
|
||||
#
|
||||
# The above copyright notice and this permission notice shall be included in
|
||||
# all copies or substantial portions of the Software.
|
||||
#
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
# THE SOFTWARE.
|
3
modules/home-manager/scripts/common/bin/t
Executable file
3
modules/home-manager/scripts/common/bin/t
Executable file
|
@ -0,0 +1,3 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
N todo
|
|
@ -1,30 +1,34 @@
|
|||
{
|
||||
colors,
|
||||
style,
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
font,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
./waybar.nix
|
||||
# ./mako.nix
|
||||
./swaylock.nix
|
||||
./linux-desktop.nix
|
||||
];
|
||||
|
||||
programs.foot = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
xdg = {
|
||||
enable = true;
|
||||
mimeApps = {
|
||||
enable = true;
|
||||
defaultApplications = {
|
||||
"x-scheme-handler/http" = "firefox.desktop";
|
||||
"x-scheme-handler/https" = "firefox.desktop";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
home.file."${config.xdg.configHome}/mako/config" = {
|
||||
enable = true;
|
||||
text = with colors.withHashPrefix; ''
|
||||
text = with style.colors.withHashPrefix; ''
|
||||
border-size=1
|
||||
max-visible=5
|
||||
default-timeout=15000
|
||||
font=Symbols Nerd Font ${toString font.size},${font.name} ${toString font.size}
|
||||
font=Symbols Nerd Font ${toString style.font.size},${style.font.name} ${toString style.font.size}
|
||||
anchor=top-right
|
||||
on-notify=exec ${pkgs.mpv}/bin/mpv --volume=50 ~/.notify.wav
|
||||
|
||||
background-color=${bg}
|
||||
text-color=${text}
|
||||
|
@ -80,6 +84,17 @@
|
|||
|
||||
systemd = {
|
||||
enable = true;
|
||||
variables = [
|
||||
"DISPLAY"
|
||||
"WAYLAND_DISPLAY"
|
||||
"SWAYSOCK"
|
||||
"XDG_CURRENT_DESKTOP"
|
||||
"XDG_SESSION_TYPE"
|
||||
"NIXOS_OZONE_WL"
|
||||
"XCURSOR_THEME"
|
||||
"XCURSOR_SIZE"
|
||||
"PATH"
|
||||
];
|
||||
};
|
||||
|
||||
# TODO: stuff is opening on workspace 10 (0?)
|
||||
|
@ -103,12 +118,6 @@
|
|||
*/
|
||||
];
|
||||
|
||||
output = {
|
||||
# "*" = {
|
||||
# background = "$HOME/.wallpaper fill";
|
||||
# };
|
||||
};
|
||||
|
||||
# TODO: popup_during_fullscreen smart
|
||||
focus = {
|
||||
wrapping = "no"; # maybe workspace?
|
||||
|
@ -133,6 +142,11 @@
|
|||
};
|
||||
|
||||
startup = [
|
||||
{command = "kdeconnect-indicator";}
|
||||
{command = "mako";}
|
||||
{
|
||||
command = "swaybg -i $HOME/.wallpaper";
|
||||
}
|
||||
{
|
||||
command = "swayosd-server";
|
||||
}
|
||||
|
@ -162,7 +176,6 @@
|
|||
"timeout 600 'swaymsg \"output * dpms off\"' resume 'swaymsg \"output * dpms on\" & maybe-good-morning &'"
|
||||
];
|
||||
}
|
||||
# {command = "mako";}
|
||||
# {command = "firefox";}
|
||||
# {command = "wezterm";}
|
||||
];
|
||||
|
@ -187,13 +200,13 @@
|
|||
input = {
|
||||
"type:keyboard" = {
|
||||
xkb_options = "ctrl:nocaps";
|
||||
repeat_delay = "200";
|
||||
repeat_rate = "60";
|
||||
repeat_delay = "180";
|
||||
repeat_rate = "100";
|
||||
};
|
||||
|
||||
"type:pointer" = {
|
||||
accel_profile = "flat";
|
||||
pointer_accel = "0";
|
||||
pointer_accel = "0.5";
|
||||
};
|
||||
|
||||
"type:touchpad" = {
|
||||
|
@ -217,6 +230,7 @@
|
|||
"${mod}+c" = "kill";
|
||||
"${mod}+shift+c" = "kill # TODO: kill -9?";
|
||||
"${mod}+alt+space" = "exec wofi --show drun";
|
||||
"${mod}" = "exec ${menu}";
|
||||
"${mod}+space" = "exec ${menu}";
|
||||
"${mod}+shift+s" = "exec clipshot";
|
||||
"${mod}+e" = "exec thunar";
|
||||
|
@ -294,39 +308,54 @@
|
|||
# TODO: this should also reset the horizontal and vertical gaps?
|
||||
"${mod}+control+equal" = "gaps inner current set 0";
|
||||
|
||||
"${mod}+shift+v" = "exec swayosd-client --input-volume mute-toggle";
|
||||
"${mod}+F1" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle";
|
||||
"XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise";
|
||||
"XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower";
|
||||
"XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle";
|
||||
"XF86AudioMicMute" = "exec swayosd-client --input-volume mute-toggle";
|
||||
"${mod}+shift+v" = "exec swayosd-client --input-volume mute-toggle";
|
||||
# "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume 15";
|
||||
# "XF86AudioLowerVolume" = "exec swayosd-client --output-volume -15";
|
||||
# "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise --max-volume 120";
|
||||
# "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower --max-volume 120";
|
||||
# "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume +10 --device alsa_output.pci-0000_11_00.4.analog-stereo.monitor";
|
||||
# "XF86AudioLowerVolume" = "exec swayosd-client --output-volume -10 --device alsa_output.pci-0000_11_00.4.analog-stereo.monitor";
|
||||
"XF86MonBrightnessUp" = "exec swayosd-client --brightness raise";
|
||||
"XF86MonBrightnessDown" = "exec swayosd-client --brightness lower";
|
||||
# "XF86MonBrightnessUp" = " exec swayosd-client --brightness 10";
|
||||
# "XF86MonBrightnessDown" = "exec swayosd-client --brightness -10";
|
||||
|
||||
# "XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%";
|
||||
# "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%";
|
||||
"control+XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +1%";
|
||||
"control+XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -1%";
|
||||
# "XF86AudioMute" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle";
|
||||
"${mod}+F1" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle";
|
||||
# "XF86AudioMicMute" = "exec pactl set-source-mute @DEFAULT_SOURCE@ toggle";
|
||||
# "XF86MonBrightnessDown" = "exec brightnessctl set 10%-";
|
||||
# "XF86MonBrightnessUp" = "exec brightnessctl set +10%";
|
||||
# "shift+XF86MonBrightnessDown" = "exec brightnessctl set 1%";
|
||||
# "shift+XF86MonBrightnessUp" = "exec brightnessctl set 100%";
|
||||
# "control+XF86MonBrightnessDown" = "exec brightnessctl set 1%-";
|
||||
# "control+XF86MonBrightnessUp" = "exec brightnessctl set +1%";
|
||||
"XF86AudioPlay" = "exec playerctl play-pause";
|
||||
"XF86AudioNext" = "exec playerctl next";
|
||||
"XF86AudioPrev" = "exec playerctl previous";
|
||||
# "${mod}+shift+v" = "exec pactl set-source-mute @DEFAULT_SOURCE@ toggle";
|
||||
"--locked ${mod}+shift+v" = "exec swayosd-client --input-volume mute-toggle";
|
||||
"--locked ${mod}+F1" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle";
|
||||
"--locked XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise";
|
||||
"--locked XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower";
|
||||
"--locked XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle";
|
||||
"--locked XF86AudioMicMute" = "exec swayosd-client --input-volume mute-toggle";
|
||||
"--locked XF86MonBrightnessUp" = "exec swayosd-client --brightness raise";
|
||||
"--locked XF86MonBrightnessDown" = "exec swayosd-client --brightness lower";
|
||||
"--locked control+XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +1%";
|
||||
"--locked control+XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -1%";
|
||||
"--locked XF86AudioPlay" = "exec playerctl play-pause";
|
||||
"--locked XF86AudioNext" = "exec playerctl next";
|
||||
"--locked XF86AudioPrev" = "exec playerctl previous";
|
||||
|
||||
/*
|
||||
"XF86MonBrightnessUp" = " exec swayosd-client --brightness 10";
|
||||
"XF86MonBrightnessDown" = "exec swayosd-client --brightness -10";
|
||||
"XF86AudioMute" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle";
|
||||
"XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%";
|
||||
"XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%";
|
||||
"XF86AudioRaiseVolume" = "exec swayosd-client --output-volume 15";
|
||||
"XF86AudioLowerVolume" = "exec swayosd-client --output-volume -15";
|
||||
"XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise --max-volume 120";
|
||||
"XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower --max-volume 120";
|
||||
"XF86AudioRaiseVolume" = "exec swayosd-client --output-volume +10 --device alsa_output.pci-0000_11_00.4.analog-stereo.monitor";
|
||||
"XF86AudioLowerVolume" = "exec swayosd-client --output-volume -10 --device alsa_output.pci-0000_11_00.4.analog-stereo.monitor";
|
||||
"XF86AudioMicMute" = "exec pactl set-source-mute @DEFAULT_SOURCE@ toggle";
|
||||
"XF86MonBrightnessDown" = "exec brightnessctl set 10%-";
|
||||
"XF86MonBrightnessUp" = "exec brightnessctl set +10%";
|
||||
"shift+XF86MonBrightnessDown" = "exec brightnessctl set 1%";
|
||||
"shift+XF86MonBrightnessUp" = "exec brightnessctl set 100%";
|
||||
"control+XF86MonBrightnessDown" = "exec brightnessctl set 1%-";
|
||||
"control+XF86MonBrightnessUp" = "exec brightnessctl set +1%";
|
||||
"${mod}+shift+v" = "exec pactl set-source-mute @DEFAULT_SOURCE@ toggle";
|
||||
*/
|
||||
|
||||
"${mod}+control+shift+l" = "exec swaylock";
|
||||
|
||||
|
@ -334,7 +363,7 @@
|
|||
};
|
||||
assigns = {};
|
||||
bars = [];
|
||||
colors = with colors; {
|
||||
colors = with style.colors; {
|
||||
background = bg;
|
||||
focused = {
|
||||
background = bg;
|
||||
|
|
|
@ -1,14 +1,10 @@
|
|||
{
|
||||
font,
|
||||
# colors,
|
||||
...
|
||||
}: {
|
||||
{style, ...}: {
|
||||
programs.swaylock = {
|
||||
enable = true;
|
||||
settings = {
|
||||
color = "ffffffff";
|
||||
image = "~/.wallpaper";
|
||||
font = font.name;
|
||||
font = style.font.name;
|
||||
show-failed-attempts = true;
|
||||
ignore-empty-password = true;
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
colors,
|
||||
font,
|
||||
pkgs,
|
||||
style,
|
||||
...
|
||||
}: {
|
||||
programs.waybar = {
|
||||
|
@ -10,38 +10,41 @@
|
|||
"layer" = "top";
|
||||
"position" = "bottom";
|
||||
"output" = ["eDP-1" "DP-3"];
|
||||
"height" = 32;
|
||||
"modules-left" = ["clock" "sway/window"];
|
||||
"modules-center" = ["sway/workspaces"];
|
||||
"modules-right" = [
|
||||
"mpris"
|
||||
"height" = 50;
|
||||
"modules-left" = [
|
||||
"idle_inhibitor"
|
||||
"bluetooth"
|
||||
# "wireplumber",
|
||||
"sway/workspaces"
|
||||
"sway/window"
|
||||
];
|
||||
"modules-center" = [];
|
||||
"modules-right" = [
|
||||
"privacy"
|
||||
"power-profiles-daemon"
|
||||
"mpris"
|
||||
## "disk"
|
||||
## TODO: will need a custom module for Disk IO
|
||||
|
||||
## "wireplumber" # pulseaudio module is more featureful
|
||||
"pulseaudio"
|
||||
# "network",
|
||||
"network"
|
||||
"cpu"
|
||||
"memory"
|
||||
# "temperature",
|
||||
"temperature"
|
||||
"backlight"
|
||||
"battery"
|
||||
|
||||
"bluetooth"
|
||||
"tray"
|
||||
"clock"
|
||||
];
|
||||
"bluetooth" = {
|
||||
"format" = "<span</span>";
|
||||
"format-connected" = "<span></span>";
|
||||
"format-connected-battery" = "<span></span>";
|
||||
# "format-device-preference" = [ "device1", "device2" ], # preference list deciding the displayed devic;
|
||||
"tooltip-format" = "{controller_alias}@{controller_address} ({num_connections} connected)";
|
||||
"tooltip-format-connected" = "{controller_alias}@{controller_address} ({num_connections} connected)\n{device_enumerate}";
|
||||
"tooltip-format-enumerate-connected" = "{device_alias}@{device_address}";
|
||||
"tooltip-format-enumerate-connected-battery" = "{device_alias}@{device_address} ( {device_battery_percentage}%)";
|
||||
"format" = "<span></span>";
|
||||
"on-click" = "${pkgs.blueman}/bin/blueman-manager";
|
||||
};
|
||||
"wireplumber" = {
|
||||
"format" = "{volume}% {icon}";
|
||||
"on-click" = "helvum";
|
||||
};
|
||||
# "wireplumber" = ;
|
||||
# "format" = "{volume}% {icon}";
|
||||
# "format-muted" = "";
|
||||
# "on-click" = "helvum;
|
||||
# },
|
||||
"sway/workspaces" = {
|
||||
"disable-scroll" = false;
|
||||
"persistent_workspaces" = {
|
||||
|
@ -59,31 +62,40 @@
|
|||
"tray" = {
|
||||
"icon-size" = 24;
|
||||
"spacing" = 4;
|
||||
"show-passive-items" = true;
|
||||
};
|
||||
"clock" = {
|
||||
"interval" = 1;
|
||||
"format" = "{:%a %b %d %H:%M:%S}";
|
||||
"format" = "{:%a %b %d\n%H:%M:%S}";
|
||||
"justify" = "center";
|
||||
};
|
||||
"cpu" = {
|
||||
"format" = "{usage} <span></span>";
|
||||
"format" = "{usage}%\nCPU";
|
||||
"tooltip" = true;
|
||||
"interval" = 3;
|
||||
"interval" = 5;
|
||||
"justify" = "center";
|
||||
};
|
||||
"memory" = {
|
||||
"format" = "{} ";
|
||||
"format" = "{}%\nRAM";
|
||||
"tooltip" = true;
|
||||
"interval" = 5;
|
||||
"justify" = "center";
|
||||
};
|
||||
"temperature" = {
|
||||
# "thermal-zone" = 2;
|
||||
# "hwmon-path" = "/sys/class/hwmon/hwmon2/temp1_input";
|
||||
/*
|
||||
"thermal-zone" = 2;
|
||||
"hwmon-path" = "/sys/class/hwmon/hwmon2/temp1_input";
|
||||
"format-critical" = "{temperatureC}°C {icon}";
|
||||
*/
|
||||
"critical-threshold" = 80;
|
||||
# "format-critical" = "{temperatureC}°C {icon}";
|
||||
"format" = "{temperatureC}°C {icon}";
|
||||
"format-icons" = ["" "" ""];
|
||||
"format" = "{temperatureC}\n°C";
|
||||
"justify" = "center";
|
||||
};
|
||||
"backlight" = {
|
||||
# "device" = "acpi_video1";
|
||||
"format" = "{percent}% {icon}";
|
||||
"format" = "{percent}%\n{icon}";
|
||||
"format-icons" = ["" ""];
|
||||
"justify" = "center";
|
||||
};
|
||||
"battery" = {
|
||||
"states" = {
|
||||
|
@ -91,55 +103,53 @@
|
|||
"warning" = 30;
|
||||
"critical" = 1;
|
||||
};
|
||||
"format" = "{capacity}% {time} {icon}";
|
||||
"format-charging" = "{capacity}% {time} ";
|
||||
"format-plugged" = "{capacity}% {time} ";
|
||||
"format-alt" = "{capacity}% {icon}";
|
||||
"tooltip-format" = "{timeTo}\n{power} watts\n{health}% health\n{cycles} cycles";
|
||||
"format" = "{icon}{capacity}%-\n{time}";
|
||||
"format-charging" = "{capacity}%+\n{time}";
|
||||
"format-plugged" = "{capacity}%=\n{time}";
|
||||
"format-alt" = "{capacity}%";
|
||||
"format-good" = ""; # An empty format will hide the module
|
||||
"format-full" = "";
|
||||
"format-icons" = ["" "" "" "" ""];
|
||||
"format-time" = "{H}:{m}";
|
||||
"justify" = "center";
|
||||
};
|
||||
"network" = {
|
||||
"format-wifi" = "{essid} ({signalStrength}%) ";
|
||||
"format-ethernet" = "{ifname}: {ipaddr}/{cidr} ";
|
||||
"format-linked" = "{ifname} (No IP) ";
|
||||
"format-disconnected" = "Disconnected ⚠";
|
||||
"format-alt" = "{ifname}: {ipaddr}/{cidr}";
|
||||
"format-wifi" = "{bandwidthUpBits} up \n{bandwidthDownBits} down";
|
||||
"format-ethernet" = "{bandwidthUpBits} up \n{bandwidthDownBits} down";
|
||||
"format-linked" = "{bandwidthUpBits} up \n{bandwidthDownBits} down";
|
||||
"format-disconnected" = "No Network {icon}";
|
||||
"format-alt" = "{bandwidthUpBits} up \n{bandwidthDownBits} down";
|
||||
"interval" = 5;
|
||||
"justify" = "right";
|
||||
};
|
||||
"mpris" = {
|
||||
"format" = "{title} by {artist}";
|
||||
"format" = "{title}\nby {artist}";
|
||||
"justify" = "center";
|
||||
};
|
||||
"pulseaudio" = {
|
||||
# "scroll-step" = 1, # %, can be a floa;
|
||||
"format" = "{volume} {icon} <span>{format_source}</span>";
|
||||
#"format" = "{volume}% {icon} {format_source}";
|
||||
#"format-bluetooth" = "{volume}% {icon} {format_source}";
|
||||
#"format-bluetooth-muted" = " {icon} {format_source}";
|
||||
#"format-muted" = " {format_source}";
|
||||
"format-muted" = " {format_source}";
|
||||
"format-source" = "";
|
||||
"format-source-muted" = "";
|
||||
"format-icons" = {
|
||||
"headphones" = "";
|
||||
"handsfree" = "";
|
||||
"headset" = "";
|
||||
"phone" = "";
|
||||
"portable" = "";
|
||||
"car" = "";
|
||||
"default" = ["" "" ""];
|
||||
};
|
||||
/*
|
||||
"scroll-step" = 1, # %, can be a floa;
|
||||
"format" = "{volume}% {icon} {format_source}";
|
||||
"format-muted" = " {format_source}";
|
||||
*/
|
||||
"format" = "{volume}%\n{format_source}";
|
||||
"format-muted" = "MUTE\n{format_source}";
|
||||
"format-bluetooth" = "{volume}%\n{format_source}";
|
||||
"format-bluetooth-muted" = "MUTE\n{format_source}";
|
||||
"format-source" = "MIC ON";
|
||||
"format-source-muted" = "MIC OFF";
|
||||
# TODO: toggle mute?
|
||||
"on-click" = "pavucontrol";
|
||||
"on-click" = "${pkgs.pavucontrol}/bin/pavucontrol";
|
||||
"justify" = "center";
|
||||
};
|
||||
};
|
||||
};
|
||||
style = let
|
||||
border-width = "0px";
|
||||
in
|
||||
with colors.withHashPrefix; ''
|
||||
with style.colors.withHashPrefix; ''
|
||||
* {
|
||||
border-radius: 0;
|
||||
font-family: "${font.name}", "Symbols Nerd Font Mono", sans-serif;
|
||||
font-family: "${style.font.name}", "Symbols Nerd Font Mono", sans-serif;
|
||||
font-size: 16px;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
disko,
|
||||
sops-nix,
|
||||
colors,
|
||||
style,
|
||||
flakeInputs,
|
||||
homeManagerModules,
|
||||
home-manager,
|
||||
|
@ -11,6 +11,143 @@
|
|||
pubkey,
|
||||
overlays,
|
||||
}: {
|
||||
ewwbar = {pkgs, ...}: {
|
||||
# imports = with nixosModules; [];
|
||||
environment.systemPackages = with pkgs; [eww upower jq];
|
||||
|
||||
# TODO: include the home-manager modules for daniel?
|
||||
};
|
||||
|
||||
hyprland = {pkgs, ...}: {
|
||||
imports = with nixosModules; [
|
||||
ewwbar
|
||||
pipewire
|
||||
];
|
||||
|
||||
programs.hyprland = {
|
||||
enable = true;
|
||||
};
|
||||
environment.systemPackages = with pkgs; [hyprpaper xwaylandvideobridge socat];
|
||||
|
||||
programs.hyprland = {
|
||||
package = flakeInputs.hyprland.packages.${pkgs.system}.hyprland;
|
||||
};
|
||||
|
||||
# TODO: include the home-manager modules for daniel?
|
||||
};
|
||||
|
||||
sway = {pkgs, ...}: {
|
||||
imports = with nixosModules; [
|
||||
pipewire
|
||||
];
|
||||
|
||||
systemd.user.services."wait-for-full-path" = {
|
||||
description = "wait for systemd units to have full PATH";
|
||||
wantedBy = ["xdg-desktop-portal.service"];
|
||||
before = ["xdg-desktop-portal.service"];
|
||||
path = with pkgs; [systemd coreutils gnugrep];
|
||||
script = ''
|
||||
ispresent () {
|
||||
systemctl --user show-environment | grep -E '^PATH=.*/.nix-profile/bin'
|
||||
}
|
||||
while ! ispresent; do
|
||||
sleep 0.1;
|
||||
done
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
TimeoutStartSec = "60";
|
||||
};
|
||||
};
|
||||
|
||||
home-manager.users.daniel = {
|
||||
imports = with homeManagerModules; [
|
||||
sway
|
||||
];
|
||||
};
|
||||
|
||||
programs.sway = {
|
||||
enable = true;
|
||||
wrapperFeatures.gtk = true;
|
||||
};
|
||||
|
||||
# services.xserver.libinput.enable = true;
|
||||
|
||||
# TODO: a lot of this probably needs de-duping with hyprland?
|
||||
|
||||
services.gnome.gnome-keyring.enable = true;
|
||||
|
||||
xdg.portal = {
|
||||
enable = true;
|
||||
wlr.enable = true;
|
||||
|
||||
extraPortals = with pkgs; [
|
||||
xdg-desktop-portal-wlr
|
||||
];
|
||||
};
|
||||
|
||||
services.dbus.enable = true;
|
||||
security.polkit.enable = true; # needed for home-manager integration
|
||||
|
||||
programs.thunar = {
|
||||
enable = true;
|
||||
plugins = with pkgs.xfce; [thunar-archive-plugin thunar-volman];
|
||||
};
|
||||
|
||||
services.gvfs = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
environment = {
|
||||
variables = {
|
||||
VISUAL = "hx";
|
||||
PAGER = "less";
|
||||
MANPAGER = "less";
|
||||
};
|
||||
|
||||
systemPackages = with pkgs; [
|
||||
brightnessctl
|
||||
feh
|
||||
grim
|
||||
libinput
|
||||
libinput-gestures
|
||||
libnotify
|
||||
mako
|
||||
noto-fonts
|
||||
pamixer
|
||||
playerctl
|
||||
pulseaudio
|
||||
pulsemixer
|
||||
slurp
|
||||
swaybg
|
||||
swayidle
|
||||
swaylock
|
||||
swayosd
|
||||
tofi
|
||||
waybar
|
||||
wl-clipboard
|
||||
zathura
|
||||
|
||||
/*
|
||||
gimp
|
||||
inkscape
|
||||
krita
|
||||
lutris
|
||||
nil
|
||||
nixpkgs-fmt
|
||||
pavucontrol
|
||||
rclone
|
||||
restic
|
||||
steam
|
||||
vlc
|
||||
vulkan-tools
|
||||
weechat
|
||||
wine
|
||||
*/
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
deno-netlify-ddns-client = import ./deno-netlify-ddns-client.nix;
|
||||
|
||||
fallback-hostname = {lib, ...}: {
|
||||
|
@ -123,9 +260,11 @@
|
|||
file
|
||||
iputils
|
||||
nettools
|
||||
# nodePackages.bash-language-server # just pull in as needed?
|
||||
# shellcheck
|
||||
# shfmt
|
||||
/*
|
||||
nodePackages.bash-language-server # just pull in as needed?
|
||||
shellcheck
|
||||
shfmt
|
||||
*/
|
||||
killall
|
||||
ripgrep
|
||||
rsync
|
||||
|
@ -154,9 +293,11 @@
|
|||
pkgs,
|
||||
...
|
||||
}: {
|
||||
# https://nixos.wiki/wiki/Remote_disk_unlocking
|
||||
# "When using DHCP, make sure your computer is always attached to the network and is able to get an IP adress, or the boot process will hang."
|
||||
# ^ seems less than ideal
|
||||
/*
|
||||
https://nixos.wiki/wiki/Remote_disk_unlocking
|
||||
"When using DHCP, make sure your computer is always attached to the network and is able to get an IP adress, or the boot process will hang."
|
||||
^ seems less than ideal
|
||||
*/
|
||||
boot.kernelParams = ["ip=dhcp"];
|
||||
boot.initrd = {
|
||||
# availableKernelModules = ["r8169"]; # ethernet drivers
|
||||
|
@ -186,22 +327,26 @@
|
|||
settings = {
|
||||
PasswordAuthentication = false;
|
||||
KbdInteractiveAuthentication = false;
|
||||
PermitRootLogin = "prohibit-password";
|
||||
PermitRootLogin = lib.mkForce "prohibit-password";
|
||||
};
|
||||
|
||||
openFirewall = lib.mkDefault true;
|
||||
|
||||
# listenAddresses = [
|
||||
# { addr = "0.0.0.0"; port = 22; }
|
||||
# ];
|
||||
/*
|
||||
listenAddresses = [
|
||||
{ addr = "0.0.0.0"; port = 22; }
|
||||
];
|
||||
*/
|
||||
};
|
||||
};
|
||||
|
||||
password-manager = {pkgs, ...}: {
|
||||
# programs.goldwarden = {
|
||||
# NOTE: This didn't seem to work for me, but would be awesome!
|
||||
# enable = true;
|
||||
# };
|
||||
/*
|
||||
programs.goldwarden = {
|
||||
## NOTE: This didn't seem to work for me, but would be awesome! (but I can't remember why?)
|
||||
enable = true;
|
||||
};
|
||||
*/
|
||||
|
||||
home-manager.users.daniel = {
|
||||
imports = with homeManagerModules; [
|
||||
|
@ -225,6 +370,10 @@
|
|||
};
|
||||
};
|
||||
|
||||
cross-compiler = {config, ...}: {
|
||||
boot.binfmt.emulatedSystems = ["aarch64-linux" "i686-linux"];
|
||||
};
|
||||
|
||||
default-nix-configuration-and-overlays = {
|
||||
lib,
|
||||
config,
|
||||
|
@ -247,12 +396,14 @@
|
|||
trusted-users = ["root" "daniel"];
|
||||
experimental-features = lib.mkDefault ["nix-command" "flakes"];
|
||||
|
||||
extra-platforms = ["i686-linux" "aarch64-linux"];
|
||||
|
||||
substituters = [
|
||||
# TODO: dedupe with flake's config? is that even necessary?
|
||||
"https://cache.nixos.org/"
|
||||
"https://helix.cachix.org"
|
||||
"https://nix-community.cachix.org"
|
||||
# "https://nix.h.lyte.dev"
|
||||
"https://nix.h.lyte.dev"
|
||||
"https://hyprland.cachix.org"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
|
@ -278,6 +429,19 @@
|
|||
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness"
|
||||
ACTION=="add", SUBSYSTEM=="backlight", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/%k/brightness"
|
||||
'';
|
||||
|
||||
services.upower.enable = true;
|
||||
|
||||
# NOTE: I previously let plasma settings handle this
|
||||
services.logind = {
|
||||
lidSwitch = "suspend-then-hibernate";
|
||||
extraConfig = ''
|
||||
HandleLidSwitchDocked=ignore
|
||||
HandlePowerKey=suspend-then-hibernate
|
||||
IdleActionSec=11m
|
||||
IdleAction=suspend-then-hibernate
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
emacs = {pkgs, ...}: {
|
||||
|
@ -303,9 +467,11 @@
|
|||
environment.sessionVariables.NIXOS_OZONE_WL = "1";
|
||||
programs.neovim = {
|
||||
enable = true;
|
||||
# plugins = [
|
||||
# pkgs.vimPlugins.nvim-treesitter.withAllGrammars
|
||||
# ];
|
||||
/*
|
||||
plugins = [
|
||||
pkgs.vimPlugins.nvim-treesitter.withAllGrammars
|
||||
];
|
||||
*/
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
@ -400,6 +566,8 @@
|
|||
|
||||
troubleshooting-tools = {pkgs, ...}: {
|
||||
environment.systemPackages = with pkgs; [
|
||||
comma
|
||||
iftop
|
||||
bottom
|
||||
btop
|
||||
dnsutils
|
||||
|
@ -411,6 +579,7 @@
|
|||
hexyl
|
||||
pkgs.unixtools.xxd
|
||||
usbutils
|
||||
comma
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -440,13 +609,15 @@
|
|||
...
|
||||
}: {
|
||||
imports = with nixosModules; [
|
||||
plasma6
|
||||
sway
|
||||
# hyprland
|
||||
enable-flatpaks-and-appimages
|
||||
fonts
|
||||
development-tools
|
||||
printing
|
||||
music-consumption
|
||||
video-tools
|
||||
radio-tools
|
||||
];
|
||||
|
||||
xdg.portal.enable = true;
|
||||
|
@ -456,8 +627,10 @@
|
|||
then {
|
||||
graphics = {
|
||||
enable = true;
|
||||
# driSupport32Bit = true;
|
||||
# driSupport = true;
|
||||
/*
|
||||
driSupport32Bit = true;
|
||||
driSupport = true;
|
||||
*/
|
||||
};
|
||||
}
|
||||
else {
|
||||
|
@ -471,26 +644,39 @@
|
|||
systemPackages = with pkgs; [
|
||||
libnotify
|
||||
slides
|
||||
slack
|
||||
discord
|
||||
];
|
||||
variables = {
|
||||
# GTK_THEME = "Catppuccin-Mocha-Compact-Sapphire-Dark";
|
||||
# GTK_USE_PORTAL = "1";
|
||||
/*
|
||||
GTK_THEME = "Catppuccin-Mocha-Compact-Sapphire-Dark";
|
||||
GTK_USE_PORTAL = "1";
|
||||
*/
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# ewwbar = {};
|
||||
# gnome = {};
|
||||
# hyprland = {};
|
||||
# intel = {};
|
||||
|
||||
radio-tools = {pkgs, ...}: {
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
chirp
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
kde-connect = {
|
||||
programs.kdeconnect.enable = true;
|
||||
|
||||
# networking.firewall = {
|
||||
# allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
|
||||
# allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
|
||||
# };
|
||||
/*
|
||||
# handled by enabling
|
||||
networking.firewall = {
|
||||
allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
|
||||
allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
|
||||
};
|
||||
*/
|
||||
};
|
||||
|
||||
fonts = {pkgs, ...}: {
|
||||
|
@ -535,21 +721,24 @@
|
|||
maliit-framework
|
||||
|
||||
kdePackages.kate
|
||||
# kdePackages.kdenlive
|
||||
# kdePackages.merkuro
|
||||
kdePackages.kcalc
|
||||
# kdePackages.neochat
|
||||
kdePackages.filelight
|
||||
kdePackages.krdc
|
||||
kdePackages.krfb
|
||||
kdePackages.kclock
|
||||
kdePackages.kweather
|
||||
kdePackages.ktorrent
|
||||
# kdePackages.kdevelop
|
||||
# kdePackages.kdialog
|
||||
kdePackages.kdeplasma-addons
|
||||
|
||||
unstable-packages.kdePackages.krdp
|
||||
|
||||
/*
|
||||
kdePackages.kdenlive
|
||||
kdePackages.merkuro
|
||||
kdePackages.neochat
|
||||
kdePackages.kdevelop
|
||||
kdePackages.kdialog
|
||||
*/
|
||||
];
|
||||
|
||||
programs.gnupg.agent.pinentryPackage = pkgs.pinentry-tty;
|
||||
|
@ -630,50 +819,56 @@
|
|||
}
|
||||
];
|
||||
};
|
||||
# extraConfig.pipewire."92-low-latency" = {
|
||||
# context.properties = {
|
||||
# default.clock.rate = 48000;
|
||||
# default.clock.quantum = 32;
|
||||
# default.clock.min-quantum = 32;
|
||||
# default.clock.max-quantum = 32;
|
||||
# };
|
||||
# };
|
||||
/*
|
||||
extraConfig.pipewire."92-low-latency" = {
|
||||
context.properties = {
|
||||
default.clock.rate = 48000;
|
||||
default.clock.quantum = 32;
|
||||
default.clock.min-quantum = 32;
|
||||
default.clock.max-quantum = 32;
|
||||
};
|
||||
};
|
||||
*/
|
||||
};
|
||||
|
||||
# recommended by https://nixos.wiki/wiki/PipeWire
|
||||
security.rtkit.enable = true;
|
||||
|
||||
# services.pipewire = {
|
||||
# enable = true;
|
||||
/*
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
|
||||
# wireplumber.enable = true;
|
||||
# pulse.enable = true;
|
||||
# jack.enable = true;
|
||||
wireplumber.enable = true;
|
||||
pulse.enable = true;
|
||||
jack.enable = true;
|
||||
|
||||
# alsa = {
|
||||
# enable = true;
|
||||
# support32Bit = true;
|
||||
# };
|
||||
# };
|
||||
alsa = {
|
||||
enable = true;
|
||||
support32Bit = true;
|
||||
};
|
||||
};
|
||||
|
||||
# hardware = {
|
||||
# pulseaudio = {
|
||||
# enable = false;
|
||||
# support32Bit = true;
|
||||
# };
|
||||
# };
|
||||
hardware = {
|
||||
pulseaudio = {
|
||||
enable = false;
|
||||
support32Bit = true;
|
||||
};
|
||||
};
|
||||
|
||||
# security = {
|
||||
# # I forget why I need these exactly...
|
||||
# polkit.enable = true;
|
||||
security = {
|
||||
# I forget why I need these exactly...
|
||||
polkit.enable = true;
|
||||
|
||||
# rtkit.enable = true;
|
||||
# };
|
||||
rtkit.enable = true;
|
||||
};
|
||||
*/
|
||||
};
|
||||
|
||||
music-production = {pkgs, ...}: {
|
||||
# TODO: may want to force nixpkgs-stable for a more-stable music production
|
||||
# environment?
|
||||
/*
|
||||
TODO: may want to force nixpkgs-stable for a more-stable music production
|
||||
environment?
|
||||
*/
|
||||
imports = [
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
@ -684,11 +879,12 @@
|
|||
}
|
||||
];
|
||||
|
||||
# TODO: things to look into for music production:
|
||||
# - https://linuxmusicians.com/viewtopic.php?t=27016
|
||||
# - KXStudio?
|
||||
# - falktx (https://github.com/DISTRHO/Cardinal)
|
||||
# -
|
||||
/*
|
||||
TODO: things to look into for music production:
|
||||
- https://linuxmusicians.com/viewtopic.php?t=27016
|
||||
- KXStudio?
|
||||
- falktx (https://github.com/DISTRHO/Cardinal)
|
||||
*/
|
||||
};
|
||||
|
||||
podman = {pkgs, ...}: {
|
||||
|
@ -711,6 +907,24 @@
|
|||
backend = "podman";
|
||||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
extraHosts = ''
|
||||
127.0.0.1 host.docker.internal
|
||||
::1 host.docker.internal
|
||||
127.0.0.1 host.containers.internal
|
||||
::1 host.containers.internal
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
virtual-machines = {pkgs, ...}: {
|
||||
virtualisation.libvirtd.enable = true;
|
||||
users.users.daniel.extraGroups = ["libvirtd"];
|
||||
};
|
||||
|
||||
virtual-machines-gui = {pkgs, ...}: {
|
||||
programs.virt-manager.enable = true;
|
||||
};
|
||||
|
||||
postgres = {pkgs, ...}: {
|
||||
|
@ -771,8 +985,6 @@
|
|||
services.printing.drivers = [pkgs.gutenprint];
|
||||
};
|
||||
|
||||
sway = {};
|
||||
|
||||
enable-flatpaks-and-appimages = {
|
||||
services.flatpak.enable = true;
|
||||
programs.appimage.binfmt = true;
|
||||
|
@ -784,9 +996,15 @@
|
|||
networking.networkmanager.enable = mkDefault true;
|
||||
systemd.services.NetworkManager-wait-online.enable = mkDefault false;
|
||||
|
||||
# TODO: networking.networkmanager.wifi.backend = "iwd"; ?
|
||||
# TODO: powersave?
|
||||
# TODO: can I pre-configure my usual wifi networks with SSIDs and PSKs loaded from secrets?
|
||||
/*
|
||||
TODO: networking.networkmanager.wifi.backend = "iwd"; ?
|
||||
TODO: powersave?
|
||||
TODO: can I pre-configure my usual wifi networks with SSIDs and PSKs loaded from secrets?
|
||||
*/
|
||||
hardware.wirelessRegulatoryDatabase = true;
|
||||
boot.extraModprobeConfig = ''
|
||||
options cfg80211 ieee80211_regdom="US"
|
||||
'';
|
||||
};
|
||||
|
||||
steam = {pkgs, ...}: {
|
||||
|
@ -794,12 +1012,15 @@
|
|||
|
||||
programs.steam = {
|
||||
enable = true;
|
||||
# extest.enable = true;
|
||||
# gamescopeSession.enable = true;
|
||||
|
||||
# extraPackages = with pkgs; [
|
||||
# gamescope
|
||||
# ];
|
||||
/*
|
||||
extest.enable = true;
|
||||
gamescopeSession.enable = true;
|
||||
|
||||
extraPackages = with pkgs; [
|
||||
gamescope
|
||||
];
|
||||
*/
|
||||
|
||||
extraCompatPackages = with pkgs; [
|
||||
proton-ge-bin
|
||||
|
@ -817,8 +1038,10 @@
|
|||
];
|
||||
|
||||
# remote play ports - should be unnecessary due to programs.steam.remotePlay.openFirewall = true;
|
||||
# networking.firewall.allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
|
||||
# networking.firewall.allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
|
||||
/*
|
||||
networking.firewall.allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
|
||||
networking.firewall.allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
|
||||
*/
|
||||
};
|
||||
|
||||
root = {
|
||||
|
@ -957,41 +1180,43 @@
|
|||
boot.tmp.cleanOnBoot = true;
|
||||
services.irqbalance.enable = true;
|
||||
|
||||
services.kanidm = {
|
||||
enableClient = true;
|
||||
enablePam = true;
|
||||
package = pkgs.kanidm;
|
||||
# this is not ready for primetime yet
|
||||
# services.kanidm = {
|
||||
# enableClient = true;
|
||||
# enablePam = true;
|
||||
# package = pkgs.kanidm;
|
||||
|
||||
clientSettings.uri = "https://idm.h.lyte.dev";
|
||||
unixSettings = {
|
||||
# hsm_pin_path = "/somewhere/else";
|
||||
pam_allowed_login_groups = [];
|
||||
};
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /etc/kanidm 1755 nobody users -"
|
||||
];
|
||||
# clientSettings.uri = "https://idm.h.lyte.dev";
|
||||
# unixSettings = {
|
||||
# # hsm_pin_path = "/somewhere/else";
|
||||
# pam_allowed_login_groups = [];
|
||||
# };
|
||||
# };
|
||||
# systemd.tmpfiles.rules = [
|
||||
# "d /etc/kanidm 1755 nobody users -"
|
||||
# ];
|
||||
|
||||
# module has the incorrect file permissions out of the box
|
||||
environment.etc = {
|
||||
# "kanidm" = {
|
||||
# enable = true;
|
||||
# user = "nobody";
|
||||
# group = "users";
|
||||
# mode = "0755";
|
||||
# };
|
||||
"kanidm/unixd" = {
|
||||
user = "kanidm-unixd";
|
||||
group = "kanidm-unixd";
|
||||
mode = "0700";
|
||||
};
|
||||
"kanidm/config" = {
|
||||
# environment.etc = {
|
||||
/*
|
||||
"kanidm" = {
|
||||
enable = true;
|
||||
user = "nobody";
|
||||
group = "users";
|
||||
mode = "0755";
|
||||
};
|
||||
};
|
||||
*/
|
||||
# "kanidm/unixd" = {
|
||||
# user = "kanidm-unixd";
|
||||
# group = "kanidm-unixd";
|
||||
# mode = "0700";
|
||||
# };
|
||||
# "kanidm/config" = {
|
||||
# user = "nobody";
|
||||
# group = "users";
|
||||
# mode = "0755";
|
||||
# };
|
||||
# };
|
||||
|
||||
programs.gnupg.agent = {
|
||||
enable = true;
|
||||
|
@ -999,7 +1224,7 @@
|
|||
};
|
||||
|
||||
time = {
|
||||
timeZone = lib.mkDefault "America/Chicago";
|
||||
timeZone = "America/Chicago";
|
||||
};
|
||||
|
||||
i18n = {
|
||||
|
@ -1022,7 +1247,7 @@
|
|||
useXkbConfig = lib.mkDefault true;
|
||||
earlySetup = lib.mkDefault true;
|
||||
|
||||
colors = with colors; [
|
||||
colors = with style.colors; [
|
||||
bg
|
||||
red
|
||||
green
|
||||
|
@ -1050,7 +1275,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
system.stateVersion = lib.mkDefault "24.05";
|
||||
};
|
||||
|
||||
|
|
|
@ -31,7 +31,7 @@ in {
|
|||
requestTimeout = mkOption {
|
||||
type = types.int;
|
||||
description = "The maximum number of seconds before the HTTP request times out.";
|
||||
default = 30;
|
||||
default = 180;
|
||||
};
|
||||
afterBootTime = mkOption {
|
||||
type = types.str;
|
||||
|
@ -64,18 +64,24 @@ in {
|
|||
set -eu
|
||||
password="$(cat "${cfg.passwordFile}")"
|
||||
${optionalString cfg.ipv4 ''
|
||||
${pkgs.curl}/bin/curl -4 -s \
|
||||
"${pkgs.curl}/bin/curl" -4 -s \
|
||||
-vvv \
|
||||
-X POST \
|
||||
--max-time ${toString cfg.requestTimeout} \
|
||||
-u "${cfg.username}:''${password}" \
|
||||
-L "${cfg.endpoint}/v1/netlify-ddns/replace-all-relevant-user-dns-records"
|
||||
-L "${cfg.endpoint}/v1/netlify-ddns/replace-all-relevant-user-dns-records" 2>&1 \
|
||||
| "${pkgs.sd}/bin/sd" --fixed-strings "''${password}" "[REDACTED]" \
|
||||
| "${pkgs.sd}/bin/sd" -f i "Authorization: .*" "Authorization: [REST OF LINE REDACTED]"
|
||||
''}
|
||||
${optionalString cfg.ipv6 ''
|
||||
${pkgs.curl}/bin/curl -6 -s \
|
||||
-vvv \
|
||||
-X POST \
|
||||
--max-time ${toString cfg.requestTimeout} \
|
||||
-u "${cfg.username}:''${password}" \
|
||||
-L "${cfg.endpoint}/v1/netlify-ddns/replace-all-relevant-user-dns-records"
|
||||
-L "${cfg.endpoint}/v1/netlify-ddns/replace-all-relevant-user-dns-records" 2>&1 \
|
||||
| "${pkgs.sd}/bin/sd" --fixed-strings "''${password}" "[REDACTED]" \
|
||||
| "${pkgs.sd}/bin/sd" -f i "Authorization: .*" "Authorization: [REST OF LINE REDACTED]"
|
||||
''}
|
||||
'';
|
||||
serviceConfig = {
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
{pkgs, ...}: {
|
||||
environment.systemPackages = with pkgs; [eww upower jq];
|
||||
}
|
|
@ -40,7 +40,6 @@
|
|||
|
||||
environment = {
|
||||
variables = {
|
||||
GTK_THEME = "Catppuccin-Mocha-Compact-Sapphire-Dark";
|
||||
VISUAL = "hx";
|
||||
PAGER = "less";
|
||||
MANPAGER = "less";
|
||||
|
@ -50,36 +49,35 @@
|
|||
gnome.gnome-power-manager
|
||||
brightnessctl
|
||||
feh
|
||||
# gimp
|
||||
grim
|
||||
# inkscape
|
||||
# krita
|
||||
libinput
|
||||
libinput-gestures
|
||||
libnotify
|
||||
# lutris
|
||||
# nil
|
||||
# nixpkgs-fmt
|
||||
noto-fonts
|
||||
pamixer
|
||||
# pavucontrol
|
||||
playerctl
|
||||
# pulseaudio
|
||||
pulsemixer
|
||||
# rclone
|
||||
# restic
|
||||
slurp
|
||||
# steam
|
||||
swaybg
|
||||
swayidle
|
||||
swaylock
|
||||
# vlc
|
||||
# vulkan-tools
|
||||
waybar
|
||||
# weechat
|
||||
# wine
|
||||
wl-clipboard
|
||||
zathura
|
||||
/*
|
||||
gimp
|
||||
inkscape
|
||||
krita
|
||||
pavucontrol
|
||||
pulseaudio
|
||||
rclone
|
||||
restic
|
||||
steam
|
||||
vlc
|
||||
vulkan-tools
|
||||
weechat
|
||||
wine
|
||||
*/
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,17 +0,0 @@
|
|||
{
|
||||
inputs,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
./ewwbar.nix
|
||||
./pipewire.nix
|
||||
{
|
||||
programs.hyprland = {
|
||||
enable = true;
|
||||
package = inputs.hyprland.packages.${pkgs.system}.hyprland;
|
||||
};
|
||||
environment.systemPackages = with pkgs; [hyprpaper xwaylandvideobridge socat];
|
||||
}
|
||||
];
|
||||
}
|
|
@ -1,81 +0,0 @@
|
|||
{pkgs, ...}: {
|
||||
imports = [
|
||||
./pipewire.nix
|
||||
];
|
||||
|
||||
programs.sway = {
|
||||
enable = true;
|
||||
wrapperFeatures.gtk = true;
|
||||
};
|
||||
|
||||
# services.xserver.libinput.enable = true;
|
||||
|
||||
services.gnome.gnome-keyring.enable = true;
|
||||
|
||||
xdg.portal = {
|
||||
enable = true;
|
||||
wlr.enable = true;
|
||||
|
||||
extraPortals = with pkgs; [
|
||||
xdg-desktop-portal-wlr
|
||||
];
|
||||
};
|
||||
|
||||
services.dbus.enable = true;
|
||||
|
||||
programs.thunar = {
|
||||
enable = true;
|
||||
plugins = with pkgs.xfce; [thunar-archive-plugin thunar-volman];
|
||||
};
|
||||
|
||||
services.gvfs = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
environment = {
|
||||
variables = {
|
||||
GTK_THEME = "Catppuccin-Mocha-Compact-Sapphire-Dark";
|
||||
VISUAL = "hx";
|
||||
PAGER = "less";
|
||||
MANPAGER = "less";
|
||||
};
|
||||
|
||||
systemPackages = with pkgs; [
|
||||
brightnessctl
|
||||
feh
|
||||
# gimp
|
||||
grim
|
||||
# inkscape
|
||||
# krita
|
||||
libinput
|
||||
libinput-gestures
|
||||
libnotify
|
||||
# mako
|
||||
# lutris
|
||||
# nil
|
||||
# nixpkgs-fmt
|
||||
noto-fonts
|
||||
pamixer
|
||||
# pavucontrol
|
||||
playerctl
|
||||
pulseaudio
|
||||
pulsemixer
|
||||
# rclone
|
||||
# restic
|
||||
slurp
|
||||
# steam
|
||||
swaybg
|
||||
swayidle
|
||||
swaylock
|
||||
swayosd
|
||||
tofi
|
||||
# vlc
|
||||
# vulkan-tools
|
||||
waybar
|
||||
# weechat
|
||||
# wine
|
||||
wl-clipboard
|
||||
zathura
|
||||
];
|
||||
};
|
||||
}
|
2558
nixos/beefcake.nix
2558
nixos/beefcake.nix
File diff suppressed because it is too large
Load diff
|
@ -40,21 +40,23 @@
|
|||
};
|
||||
};
|
||||
|
||||
# networking = {
|
||||
# firewall = let
|
||||
# terraria = 7777;
|
||||
# stardew-valley = 24642;
|
||||
# web-dev-lan = 18888;
|
||||
# ports = [
|
||||
# terraria
|
||||
# stardew-valley
|
||||
# web-dev-lan
|
||||
# ];
|
||||
# in {
|
||||
# allowedTCPPorts = ports;
|
||||
# allowedUDPPorts = ports;
|
||||
# };
|
||||
# };
|
||||
/*
|
||||
networking = {
|
||||
firewall = let
|
||||
terraria = 7777;
|
||||
stardew-valley = 24642;
|
||||
web-dev-lan = 18888;
|
||||
ports = [
|
||||
terraria
|
||||
stardew-valley
|
||||
web-dev-lan
|
||||
];
|
||||
in {
|
||||
allowedTCPPorts = ports;
|
||||
allowedUDPPorts = ports;
|
||||
};
|
||||
};
|
||||
*/
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
radeontop
|
||||
|
@ -63,69 +65,73 @@
|
|||
];
|
||||
|
||||
home-manager.users.daniel = {
|
||||
# slippi-launcher = {
|
||||
# enable = true;
|
||||
# # isoPath = "${config.home-manager.users.daniel.home.homeDirectory}/../games/roms/dolphin/melee.iso";
|
||||
# launchMeleeOnPlay = false;
|
||||
# };
|
||||
/*
|
||||
slippi-launcher = {
|
||||
enable = true;
|
||||
# isoPath = "${config.home-manager.users.daniel.home.homeDirectory}/../games/roms/dolphin/melee.iso";
|
||||
launchMeleeOnPlay = false;
|
||||
};
|
||||
*/
|
||||
|
||||
# TODO: monitor config module?
|
||||
# wayland.windowManager.hyprland = {
|
||||
# settings = {
|
||||
# env = [
|
||||
# "EWW_BAR_MON,1"
|
||||
# ];
|
||||
# # See https://wiki.hyprland.org/Configuring/Keywords/ for more
|
||||
# monitor = [
|
||||
# # "DP-2,3840x2160@60,-2160x0,1,transform,3"
|
||||
# "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1"
|
||||
/*
|
||||
wayland.windowManager.hyprland = {
|
||||
settings = {
|
||||
env = [
|
||||
"EWW_BAR_MON,1"
|
||||
];
|
||||
# See https://wiki.hyprland.org/Configuring/Keywords/ for more
|
||||
monitor = [
|
||||
# "DP-2,3840x2160@60,-2160x0,1,transform,3"
|
||||
"DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1"
|
||||
## HDR breaks screenshare? "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1,bitdepth,10"
|
||||
## "desc:LG Display 0x0521,3840x2160@120,0x0,1"
|
||||
## "desc:Dell Inc. DELL U2720Q D3TM623,3840x2160@60,3840x0,1.5,transform,1"
|
||||
# "DP-2,3840x2160@60,0x0,1.5,transform,1"
|
||||
# ];
|
||||
# input = {
|
||||
# force_no_accel = true;
|
||||
# sensitivity = 1; # -1.0 - 1.0, 0 means no modification.
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
"DP-2,3840x2160@60,0x0,1.5,transform,1"
|
||||
];
|
||||
input = {
|
||||
force_no_accel = true;
|
||||
sensitivity = 1; # -1.0 - 1.0, 0 means no modification.
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# wayland.windowManager.sway = {
|
||||
# config = {
|
||||
# output = {
|
||||
# "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307" = {
|
||||
# mode = "3840x2160@120Hz";
|
||||
# position = "${toString (builtins.ceil (2160 / 1.5))},0";
|
||||
# };
|
||||
wayland.windowManager.sway = {
|
||||
config = {
|
||||
output = {
|
||||
"GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307" = {
|
||||
mode = "3840x2160@120Hz";
|
||||
position = "${toString (builtins.ceil (2160 / 1.5))},0";
|
||||
};
|
||||
|
||||
# "Dell Inc. DELL U2720Q D3TM623" = {
|
||||
# # desktop left vertical monitor
|
||||
# mode = "3840x2160@60Hz";
|
||||
# transform = "90";
|
||||
# scale = "1.5";
|
||||
# position = "0,0";
|
||||
# };
|
||||
# };
|
||||
"Dell Inc. DELL U2720Q D3TM623" = {
|
||||
# desktop left vertical monitor
|
||||
mode = "3840x2160@60Hz";
|
||||
transform = "90";
|
||||
scale = "1.5";
|
||||
position = "0,0";
|
||||
};
|
||||
};
|
||||
|
||||
# workspaceOutputAssign =
|
||||
# (
|
||||
# map
|
||||
# (ws: {
|
||||
# output = "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307";
|
||||
# workspace = toString ws;
|
||||
# })
|
||||
# (lib.range 1 7)
|
||||
# )
|
||||
# ++ (
|
||||
# map
|
||||
# (ws: {
|
||||
# output = "Dell Inc. DELL U2720Q D3TM623";
|
||||
# workspace = toString ws;
|
||||
# })
|
||||
# (lib.range 8 9)
|
||||
# );
|
||||
# };
|
||||
# };
|
||||
workspaceOutputAssign =
|
||||
(
|
||||
map
|
||||
(ws: {
|
||||
output = "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307";
|
||||
workspace = toString ws;
|
||||
})
|
||||
(lib.range 1 7)
|
||||
)
|
||||
++ (
|
||||
map
|
||||
(ws: {
|
||||
output = "Dell Inc. DELL U2720Q D3TM623";
|
||||
workspace = toString ws;
|
||||
})
|
||||
(lib.range 8 9)
|
||||
);
|
||||
};
|
||||
};
|
||||
*/
|
||||
};
|
||||
}
|
||||
|
|
131
nixos/dragon.nix
131
nixos/dragon.nix
|
@ -10,6 +10,26 @@
|
|||
home-manager.users.daniel.home.stateVersion = "24.05";
|
||||
networking.hostName = "dragon";
|
||||
}
|
||||
|
||||
{
|
||||
# sops secrets config
|
||||
sops = {
|
||||
defaultSopsFile = ../secrets/dragon/secrets.yml;
|
||||
age = {
|
||||
sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
|
||||
keyFile = "/var/lib/sops-nix/key.txt";
|
||||
generateKey = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
sops.secrets = {
|
||||
ddns-pass = {mode = "0400";};
|
||||
};
|
||||
services.deno-netlify-ddns-client = {
|
||||
passwordFile = config.sops.secrets.ddns-pass.path;
|
||||
};
|
||||
}
|
||||
];
|
||||
hardware.graphics.extraPackages = [
|
||||
# pkgs.rocmPackages.clr.icd
|
||||
|
@ -73,62 +93,65 @@
|
|||
};
|
||||
|
||||
# TODO: monitor config module?
|
||||
# wayland.windowManager.hyprland = {
|
||||
# settings = {
|
||||
# env = [
|
||||
# "EWW_BAR_MON,1"
|
||||
# ];
|
||||
# # See https://wiki.hyprland.org/Configuring/Keywords/ for more
|
||||
# monitor = [
|
||||
# # "DP-2,3840x2160@60,-2160x0,1,transform,3"
|
||||
# "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1"
|
||||
# # HDR breaks screenshare? "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1,bitdepth,10"
|
||||
# # "desc:LG Display 0x0521,3840x2160@120,0x0,1"
|
||||
# # "desc:Dell Inc. DELL U2720Q D3TM623,3840x2160@60,3840x0,1.5,transform,1"
|
||||
# "DP-2,3840x2160@60,0x0,1.5,transform,1"
|
||||
# ];
|
||||
# input = {
|
||||
# force_no_accel = true;
|
||||
# sensitivity = 1; # -1.0 - 1.0, 0 means no modification.
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
wayland.windowManager.hyprland = {
|
||||
settings = {
|
||||
env = [
|
||||
"EWW_BAR_MON,1"
|
||||
];
|
||||
# See https://wiki.hyprland.org/Configuring/Keywords/ for more
|
||||
monitor = [
|
||||
# "DP-2,3840x2160@60,-2160x0,1,transform,3"
|
||||
"DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1"
|
||||
# TODO: HDR breaks screenshare?
|
||||
/*
|
||||
"DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1,bitdepth,10"
|
||||
"desc:LG Display 0x0521,3840x2160@120,0x0,1"
|
||||
"desc:Dell Inc. DELL U2720Q D3TM623,3840x2160@60,3840x0,1.5,transform,1"
|
||||
*/
|
||||
"DP-2,3840x2160@60,0x0,1.5,transform,1"
|
||||
];
|
||||
input = {
|
||||
force_no_accel = true;
|
||||
sensitivity = 1; # -1.0 - 1.0, 0 means no modification.
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# wayland.windowManager.sway = {
|
||||
# config = {
|
||||
# output = {
|
||||
# "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307" = {
|
||||
# mode = "3840x2160@120Hz";
|
||||
# position = "${toString (builtins.ceil (2160 / 1.5))},0";
|
||||
# };
|
||||
wayland.windowManager.sway = {
|
||||
config = {
|
||||
output = {
|
||||
"GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307" = {
|
||||
mode = "3840x2160@120Hz";
|
||||
position = "${toString (builtins.ceil (2160 / 1.5))},0";
|
||||
};
|
||||
|
||||
# "Dell Inc. DELL U2720Q D3TM623" = {
|
||||
# # desktop left vertical monitor
|
||||
# mode = "3840x2160@60Hz";
|
||||
# transform = "90";
|
||||
# scale = "1.5";
|
||||
# position = "0,0";
|
||||
# };
|
||||
# };
|
||||
"Dell Inc. DELL U2720Q D3TM623" = {
|
||||
# desktop left vertical monitor
|
||||
mode = "3840x2160@60Hz";
|
||||
transform = "270";
|
||||
scale = "1.5";
|
||||
position = "0,0";
|
||||
};
|
||||
};
|
||||
|
||||
# workspaceOutputAssign =
|
||||
# (
|
||||
# map
|
||||
# (ws: {
|
||||
# output = "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307";
|
||||
# workspace = toString ws;
|
||||
# })
|
||||
# (lib.range 1 7)
|
||||
# )
|
||||
# ++ (
|
||||
# map
|
||||
# (ws: {
|
||||
# output = "Dell Inc. DELL U2720Q D3TM623";
|
||||
# workspace = toString ws;
|
||||
# })
|
||||
# (lib.range 8 9)
|
||||
# );
|
||||
# };
|
||||
# };
|
||||
workspaceOutputAssign =
|
||||
(
|
||||
map
|
||||
(ws: {
|
||||
output = "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307";
|
||||
workspace = toString ws;
|
||||
})
|
||||
(lib.range 1 7)
|
||||
)
|
||||
++ (
|
||||
map
|
||||
(ws: {
|
||||
output = "Dell Inc. DELL U2720Q D3TM623";
|
||||
workspace = toString ws;
|
||||
})
|
||||
(lib.range 8 9)
|
||||
);
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
58
nixos/factorio-versions.json
Normal file
58
nixos/factorio-versions.json
Normal file
|
@ -0,0 +1,58 @@
|
|||
{
|
||||
"x86_64-linux": {
|
||||
"alpha": {
|
||||
"experimental": {
|
||||
"name": "factorio_alpha_x64-1.1.110.tar.xz",
|
||||
"needsAuth": true,
|
||||
"sha256": "0ndhb94lh47n09a7wshm2inv52fd6rjfa7fk7nk9b7zzh84i7f4x",
|
||||
"tarDirectory": "x64",
|
||||
"url": "https://factorio.com/get-download/1.1.110/alpha/linux64",
|
||||
"version": "1.1.110"
|
||||
},
|
||||
"stable": {
|
||||
"name": "factorio_alpha_x64-1.1.110.tar.xz",
|
||||
"needsAuth": true,
|
||||
"sha256": "0ndhb94lh47n09a7wshm2inv52fd6rjfa7fk7nk9b7zzh84i7f4x",
|
||||
"tarDirectory": "x64",
|
||||
"url": "https://factorio.com/get-download/1.1.110/alpha/linux64",
|
||||
"version": "1.1.110"
|
||||
}
|
||||
},
|
||||
"demo": {
|
||||
"experimental": {
|
||||
"name": "factorio_demo_x64-1.1.110.tar.xz",
|
||||
"needsAuth": false,
|
||||
"sha256": "0dasxgrybl00vrabgrlarsvg0hdg5rvn3y4hsljhqc4zpbf93nxx",
|
||||
"tarDirectory": "x64",
|
||||
"url": "https://factorio.com/get-download/1.1.110/demo/linux64",
|
||||
"version": "1.1.110"
|
||||
},
|
||||
"stable": {
|
||||
"name": "factorio_demo_x64-1.1.110.tar.xz",
|
||||
"needsAuth": false,
|
||||
"sha256": "0dasxgrybl00vrabgrlarsvg0hdg5rvn3y4hsljhqc4zpbf93nxx",
|
||||
"tarDirectory": "x64",
|
||||
"url": "https://factorio.com/get-download/1.1.110/demo/linux64",
|
||||
"version": "1.1.110"
|
||||
}
|
||||
},
|
||||
"headless": {
|
||||
"experimental": {
|
||||
"name": "factorio_headless_x64-1.1.110.tar.xz",
|
||||
"needsAuth": false,
|
||||
"sha256": "0sk4g9y051xjhiwdhj1yz808308zwsbpq3nps1ywvpp56vdycps8",
|
||||
"tarDirectory": "x64",
|
||||
"url": "https://factorio.com/get-download/1.1.110/headless/linux64",
|
||||
"version": "1.1.110"
|
||||
},
|
||||
"stable": {
|
||||
"name": "factorio_headless_x64-1.1.110.tar.xz",
|
||||
"needsAuth": false,
|
||||
"sha256": "0sk4g9y051xjhiwdhj1yz808308zwsbpq3nps1ywvpp56vdycps8",
|
||||
"tarDirectory": "x64",
|
||||
"url": "https://factorio.com/get-download/1.1.110/headless/linux64",
|
||||
"version": "1.1.110"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,4 +1,244 @@
|
|||
{pkgs, ...}: {
|
||||
{pkgs, ...}:
|
||||
/*
|
||||
## source: https://community.frame.work/t/speakers-sound-quality/1078/82
|
||||
let
|
||||
pipewire-speakers-profile-json = ''{
|
||||
"output": {
|
||||
"blocklist": [],
|
||||
"equalizer": {
|
||||
"balance": 0.0,
|
||||
"bypass": false,
|
||||
"input-gain": 0.0,
|
||||
"left": {
|
||||
"band0": {
|
||||
"frequency": 100.0,
|
||||
"gain": 0.0,
|
||||
"mode": "RLC (BT)",
|
||||
"mute": false,
|
||||
"q": 1.0,
|
||||
"slope": "x4",
|
||||
"solo": false,
|
||||
"type": "Hi-pass"
|
||||
},
|
||||
"band1": {
|
||||
"frequency": 150.0,
|
||||
"gain": 4.02,
|
||||
"mode": "RLC (BT)",
|
||||
"mute": false,
|
||||
"q": 3.0,
|
||||
"slope": "x1",
|
||||
"solo": false,
|
||||
"type": "Bell"
|
||||
},
|
||||
"band2": {
|
||||
"frequency": 600.0,
|
||||
"gain": -5.07,
|
||||
"mode": "RLC (BT)",
|
||||
"mute": false,
|
||||
"q": 4.000000000000008,
|
||||
"slope": "x1",
|
||||
"solo": false,
|
||||
"type": "Bell"
|
||||
},
|
||||
"band3": {
|
||||
"frequency": 1200.0,
|
||||
"gain": -3.49,
|
||||
"mode": "RLC (BT)",
|
||||
"mute": false,
|
||||
"q": 4.17,
|
||||
"slope": "x1",
|
||||
"solo": false,
|
||||
"type": "Bell"
|
||||
},
|
||||
"band4": {
|
||||
"frequency": 2000.0,
|
||||
"gain": 1.43,
|
||||
"mode": "RLC (BT)",
|
||||
"mute": false,
|
||||
"q": 4.0,
|
||||
"slope": "x1",
|
||||
"solo": false,
|
||||
"type": "Bell"
|
||||
},
|
||||
"band5": {
|
||||
"frequency": 5300.0,
|
||||
"gain": 3.84,
|
||||
"mode": "RLC (BT)",
|
||||
"mute": false,
|
||||
"q": 2.64,
|
||||
"slope": "x1",
|
||||
"solo": false,
|
||||
"type": "Bell"
|
||||
},
|
||||
"band6": {
|
||||
"frequency": 6000.0,
|
||||
"gain": 4.02,
|
||||
"mode": "RLC (BT)",
|
||||
"mute": false,
|
||||
"q": 4.36,
|
||||
"slope": "x1",
|
||||
"solo": false,
|
||||
"type": "Hi-shelf"
|
||||
},
|
||||
"band7": {
|
||||
"frequency": 7500.0,
|
||||
"gain": -2.09,
|
||||
"mode": "RLC (BT)",
|
||||
"mute": false,
|
||||
"q": 3.0,
|
||||
"slope": "x1",
|
||||
"solo": false,
|
||||
"type": "Bell"
|
||||
},
|
||||
"band8": {
|
||||
"frequency": 8000.0,
|
||||
"gain": 2.01,
|
||||
"mode": "RLC (BT)",
|
||||
"mute": false,
|
||||
"q": 4.36,
|
||||
"slope": "x1",
|
||||
"solo": false,
|
||||
"type": "Bell"
|
||||
},
|
||||
"band9": {
|
||||
"frequency": 900.0,
|
||||
"gain": -4.12,
|
||||
"mode": "RLC (BT)",
|
||||
"mute": false,
|
||||
"q": 5.909999999999967,
|
||||
"slope": "x1",
|
||||
"solo": false,
|
||||
"type": "Bell"
|
||||
}
|
||||
},
|
||||
"mode": "IIR",
|
||||
"num-bands": 10,
|
||||
"output-gain": -1.5,
|
||||
"pitch-left": 0.0,
|
||||
"pitch-right": 0.0,
|
||||
"right": {
|
||||
"band0": {
|
||||
"frequency": 100.0,
|
||||
"gain": 0.0,
|
||||
"mode": "RLC (BT)",
|
||||
"mute": false,
|
||||
"q": 1.0,
|
||||
"slope": "x4",
|
||||
"solo": false,
|
||||
"type": "Hi-pass"
|
||||
},
|
||||
"band1": {
|
||||
"frequency": 150.0,
|
||||
"gain": 4.02,
|
||||
"mode": "RLC (BT)",
|
||||
"mute": false,
|
||||
"q": 3.0,
|
||||
"slope": "x1",
|
||||
"solo": false,
|
||||
"type": "Bell"
|
||||
},
|
||||
"band2": {
|
||||
"frequency": 600.0,
|
||||
"gain": -5.07,
|
||||
"mode": "RLC (BT)",
|
||||
"mute": false,
|
||||
"q": 4.000000000000008,
|
||||
"slope": "x1",
|
||||
"solo": false,
|
||||
"type": "Bell"
|
||||
},
|
||||
"band3": {
|
||||
"frequency": 1200.0,
|
||||
"gain": -3.49,
|
||||
"mode": "RLC (BT)",
|
||||
"mute": false,
|
||||
"q": 4.17,
|
||||
"slope": "x1",
|
||||
"solo": false,
|
||||
"type": "Bell"
|
||||
},
|
||||
"band4": {
|
||||
"frequency": 2000.0,
|
||||
"gain": 1.43,
|
||||
"mode": "RLC (BT)",
|
||||
"mute": false,
|
||||
"q": 4.0,
|
||||
"slope": "x1",
|
||||
"solo": false,
|
||||
"type": "Bell"
|
||||
},
|
||||
"band5": {
|
||||
"frequency": 5300.0,
|
||||
"gain": 3.84,
|
||||
"mode": "RLC (BT)",
|
||||
"mute": false,
|
||||
"q": 2.64,
|
||||
"slope": "x1",
|
||||
"solo": false,
|
||||
"type": "Bell"
|
||||
},
|
||||
"band6": {
|
||||
"frequency": 6000.0,
|
||||
"gain": 4.02,
|
||||
"mode": "RLC (BT)",
|
||||
"mute": false,
|
||||
"q": 4.36,
|
||||
"slope": "x1",
|
||||
"solo": false,
|
||||
"type": "Hi-shelf"
|
||||
},
|
||||
"band7": {
|
||||
"frequency": 7500.0,
|
||||
"gain": -2.09,
|
||||
"mode": "RLC (BT)",
|
||||
"mute": false,
|
||||
"q": 3.0,
|
||||
"slope": "x1",
|
||||
"solo": false,
|
||||
"type": "Bell"
|
||||
},
|
||||
"band8": {
|
||||
"frequency": 8000.0,
|
||||
"gain": 2.01,
|
||||
"mode": "RLC (BT)",
|
||||
"mute": false,
|
||||
"q": 4.36,
|
||||
"slope": "x1",
|
||||
"solo": false,
|
||||
"type": "Bell"
|
||||
},
|
||||
"band9": {
|
||||
"frequency": 900.0,
|
||||
"gain": -4.12,
|
||||
"mode": "RLC (BT)",
|
||||
"mute": false,
|
||||
"q": 5.909999999999967,
|
||||
"slope": "x1",
|
||||
"solo": false,
|
||||
"type": "Bell"
|
||||
}
|
||||
},
|
||||
"split-channels": false
|
||||
},
|
||||
"loudness": {
|
||||
"bypass": false,
|
||||
"clipping": false,
|
||||
"clipping-range": 6.0,
|
||||
"fft": "4096",
|
||||
"input-gain": 0.0,
|
||||
"output-gain": 0.0,
|
||||
"std": "ISO226-2003",
|
||||
"volume": 6.999999999999991
|
||||
},
|
||||
"plugins_order": [
|
||||
"loudness",
|
||||
"equalizer"
|
||||
]
|
||||
}
|
||||
}'';
|
||||
in
|
||||
*/
|
||||
{
|
||||
imports = [
|
||||
{
|
||||
system.stateVersion = "24.05";
|
||||
|
@ -6,32 +246,21 @@
|
|||
networking.hostName = "foxtrot";
|
||||
}
|
||||
{
|
||||
# laptop power management
|
||||
services.upower.enable = true;
|
||||
swapDevices = [
|
||||
# TODO: move this to disko?
|
||||
# NOTE(oninstall):
|
||||
# sudo btrfs subvolume create /swap
|
||||
# sudo btrfs filesystem mkswapfile --size 32g --uuid clear /swap/swapfile
|
||||
# sudo swapon /swap/swapfile
|
||||
/*
|
||||
sudo btrfs subvolume create /swap
|
||||
sudo btrfs filesystem mkswapfile --size 32g --uuid clear /swap/swapfile
|
||||
sudo swapon /swap/swapfile
|
||||
*/
|
||||
{device = "/swap/swapfile";}
|
||||
];
|
||||
# findmnt -no UUID -T /swap/swapfile
|
||||
boot.resumeDevice = "/dev/disk/by-uuid/81c3354a-f629-4b6b-a249-7705aeb9f0d5";
|
||||
systemd.sleep.extraConfig = "HibernateDelaySec=30m";
|
||||
systemd.sleep.extraConfig = "HibernateDelaySec=11m";
|
||||
services.fwupd.enable = true;
|
||||
services.fwupd.extraRemotes = ["lvfs-testing"];
|
||||
|
||||
# NOTE: I'm letting plasma settings handle this I guess?
|
||||
# services.logind = {
|
||||
# lidSwitch = "suspend-then-hibernate";
|
||||
# # HandleLidSwitchDocked=ignore
|
||||
# extraConfig = ''
|
||||
# HandlePowerKey=suspend-then-hibernate
|
||||
# IdleActionSec=10m
|
||||
# IdleAction=suspend-then-hibernate
|
||||
# '';
|
||||
# };
|
||||
}
|
||||
];
|
||||
|
||||
|
@ -56,37 +285,52 @@
|
|||
};
|
||||
};
|
||||
|
||||
# wayland.windowManager.hyprland = {
|
||||
# settings = {
|
||||
# env = [
|
||||
# "EWW_BAR_MON,0"
|
||||
# ];
|
||||
# # See https://wiki.hyprland.org/Configuring/Keywords/ for more
|
||||
# monitor = [
|
||||
# "eDP-1,2256x1504@60,0x0,${toString scale}"
|
||||
# ];
|
||||
# };
|
||||
# };
|
||||
/*
|
||||
wayland.windowManager.hyprland = {
|
||||
settings = {
|
||||
env = [
|
||||
"EWW_BAR_MON,0"
|
||||
];
|
||||
# See https://wiki.hyprland.org/Configuring/Keywords/ for more
|
||||
monitor = [
|
||||
"eDP-1,2256x1504@60,0x0,${toString scale}"
|
||||
];
|
||||
};
|
||||
};
|
||||
*/
|
||||
|
||||
# wayland.windowManager.sway = {
|
||||
# config = {
|
||||
# output = {
|
||||
# "BOE 0x0BCA Unknown" = {
|
||||
# mode = "2256x1504@60Hz";
|
||||
# position = "0,0";
|
||||
# scale = toString scale;
|
||||
# };
|
||||
wayland.windowManager.sway = {
|
||||
config = {
|
||||
output = {
|
||||
"BOE NE135A1M-NY1 Unknown" = {
|
||||
mode = "2880x1920@120Hz";
|
||||
position = "1092,2160";
|
||||
scale = toString 1.75;
|
||||
};
|
||||
|
||||
# "Dell Inc. DELL U2720Q D3TM623" = {
|
||||
# # desktop left vertical monitor
|
||||
# mode = "1920x1080@60Hz";
|
||||
# # transform = "90";
|
||||
# # scale = "1.5";
|
||||
# position = "${toString (builtins.floor (2256 / scale))},0";
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
"Dell Inc. DELL U2720Q CWTM623" = {
|
||||
mode = "3840x2160@60Hz";
|
||||
position = "0,0";
|
||||
};
|
||||
|
||||
/*
|
||||
"BOE 0x0BCA Unknown" = {
|
||||
mode = "2256x1504@60Hz";
|
||||
position = "0,0";
|
||||
scale = toString scale;
|
||||
};
|
||||
|
||||
"Dell Inc. DELL U2720Q D3TM623" = {
|
||||
# desktop left vertical monitor
|
||||
mode = "1920x1080@60Hz";
|
||||
# transform = "90";
|
||||
# scale = "1.5";
|
||||
position = "${toString (builtins.floor (2256 / scale))},0";
|
||||
};
|
||||
*/
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
hardware.graphics.extraPackages = [
|
||||
|
@ -99,7 +343,6 @@
|
|||
];
|
||||
|
||||
networking.networkmanager.wifi.powersave = false;
|
||||
hardware.wirelessRegulatoryDatabase = true;
|
||||
|
||||
hardware.framework.amd-7040.preventWakeOnAC = true;
|
||||
|
||||
|
@ -107,15 +350,17 @@
|
|||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
|
||||
# https://github.com/void-linux/void-packages/issues/50417#issuecomment-2131802836 fix framework 13 not shutting down
|
||||
# kernelPatches = [
|
||||
# {
|
||||
# name = "framework13shutdownfix";
|
||||
# patch = builtins.fetchurl {
|
||||
# url = "https://github.com/void-linux/void-packages/files/15445612/0001-Add-hopefully-a-solution-for-shutdown-regression.PATCH";
|
||||
# sha256 = "sha256:10zcnzy5hkam2cnxx441b978gzhvnqlcc49k7bpz9dc28xyjik50";
|
||||
# };
|
||||
# }
|
||||
# ];
|
||||
/*
|
||||
kernelPatches = [
|
||||
{
|
||||
name = "framework13shutdownfix";
|
||||
patch = builtins.fetchurl {
|
||||
url = "https://github.com/void-linux/void-packages/files/15445612/0001-Add-hopefully-a-solution-for-shutdown-regression.PATCH";
|
||||
sha256 = "sha256:10zcnzy5hkam2cnxx441b978gzhvnqlcc49k7bpz9dc28xyjik50";
|
||||
};
|
||||
}
|
||||
];
|
||||
*/
|
||||
|
||||
loader = {
|
||||
efi.canTouchEfiVariables = true;
|
||||
|
@ -123,11 +368,12 @@
|
|||
};
|
||||
|
||||
# NOTE(oninstall):
|
||||
# sudo filefrag -v /swap/swapfile | awk '$1=="0:" {print substr($4, 1, length($4)-2)}'
|
||||
# the above won't work for btrfs, instead you need
|
||||
# btrfs inspect-internal map-swapfile -r /swap/swapfile
|
||||
# https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file
|
||||
# many of these come from https://wiki.archlinux.org/title/Framework_Laptop_13#Suspend
|
||||
/*
|
||||
sudo filefrag -v /swap/swapfile | awk '$1=="0:" {print substr($4, 1, length($4)-2)}'
|
||||
the above won't work for btrfs, instead you need btrfs inspect-internal map-swapfile -r /swap/swapfile
|
||||
https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file
|
||||
many of these come from https://wiki.archlinux.org/title/Framework_Laptop_13#Suspend
|
||||
*/
|
||||
kernelParams = [
|
||||
"rtc_cmos.use_acpi_alarm=1"
|
||||
"amdgpu.sg_display=0"
|
||||
|
@ -140,9 +386,6 @@
|
|||
];
|
||||
initrd.availableKernelModules = ["xhci_pci" "nvme" "thunderbolt"];
|
||||
kernelModules = ["kvm-amd"];
|
||||
extraModprobeConfig = ''
|
||||
options cfg80211 ieee80211_regdom="US"
|
||||
'';
|
||||
};
|
||||
hardware.bluetooth = {
|
||||
enable = true;
|
||||
|
@ -151,17 +394,19 @@
|
|||
powerOnBoot = false;
|
||||
};
|
||||
powerManagement.cpuFreqGovernor = "ondemand";
|
||||
# powerManagement.resumeCommands = ''
|
||||
# modprobe -rv mt7921e
|
||||
# modprobe -v mt7921e
|
||||
# '';
|
||||
/*
|
||||
powerManagement.resumeCommands = ''
|
||||
modprobe -rv mt7921e
|
||||
modprobe -v mt7921e
|
||||
'';
|
||||
*/
|
||||
|
||||
services.power-profiles-daemon = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
services.fprintd = {
|
||||
enable = true;
|
||||
enable = false;
|
||||
package = pkgs.fprintd.overrideAttrs {
|
||||
# Source: https://github.com/NixOS/nixpkgs/commit/87ca2dc071581aea0e691c730d6844f1beb07c9f
|
||||
mesonCheckFlags = [
|
||||
|
@ -170,24 +415,24 @@
|
|||
"fprintd:TestPamFprintd"
|
||||
];
|
||||
};
|
||||
# tod.enable = true;
|
||||
# tod.driver = pkgs.libfprint-2-tod1-goodix;
|
||||
};
|
||||
|
||||
# services.tlp = {
|
||||
# enable = true;
|
||||
# settings = {
|
||||
# CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
|
||||
# CPU_SCALING_GOVERNOR_ON_BAT = "ondemand";
|
||||
# CPU_MIN_PERF_ON_BAT = 0;
|
||||
# CPU_MAX_PERF_ON_BAT = 80;
|
||||
/*
|
||||
services.tlp = {
|
||||
enable = true;
|
||||
settings = {
|
||||
CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
|
||||
CPU_SCALING_GOVERNOR_ON_BAT = "ondemand";
|
||||
CPU_MIN_PERF_ON_BAT = 0;
|
||||
CPU_MAX_PERF_ON_BAT = 80;
|
||||
|
||||
# CPU_SCALING_GOVERNOR_ON_AC = "performance";
|
||||
# CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
|
||||
# CPU_MIN_PERF_ON_AC = 0;
|
||||
# CPU_MAX_PERF_ON_AC = 100;
|
||||
# };
|
||||
# };
|
||||
CPU_SCALING_GOVERNOR_ON_AC = "performance";
|
||||
CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
|
||||
CPU_MIN_PERF_ON_AC = 0;
|
||||
CPU_MAX_PERF_ON_AC = 100;
|
||||
};
|
||||
};
|
||||
*/
|
||||
|
||||
networking.firewall.allowedTCPPorts = let
|
||||
stardewValley = 24642;
|
||||
|
|
|
@ -58,15 +58,19 @@
|
|||
hardware.raspberry-pi."4".audio.enable = true;
|
||||
|
||||
nixpkgs.overlays = [
|
||||
# nixos-22.05
|
||||
# (self: super: { libcec = super.libcec.override { inherit (self) libraspberrypi; }; })
|
||||
# nixos-22.11
|
||||
# (self: super: {libcec = super.libcec.override {withLibraspberrypi = true;};})
|
||||
/*
|
||||
nixos-22.05
|
||||
(self: super: { libcec = super.libcec.override { inherit (self) libraspberrypi; }; })
|
||||
nixos-22.11
|
||||
(self: super: {libcec = super.libcec.override {withLibraspberrypi = true;};})
|
||||
*/
|
||||
];
|
||||
|
||||
# Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
|
||||
# systemd.services."getty@tty1".enable = false;
|
||||
# systemd.services."autovt@tty1".enable = false;
|
||||
/*
|
||||
systemd.services."getty@tty1".enable = false;
|
||||
systemd.services."autovt@tty1".enable = false;
|
||||
*/
|
||||
|
||||
# hardware
|
||||
systemd.targets.sleep.enable = false;
|
||||
|
@ -99,38 +103,40 @@
|
|||
};
|
||||
};
|
||||
|
||||
# services.udev.extraRules = ''
|
||||
# # allow access to raspi cec device for video group (and optionally register it as a systemd device, used below)
|
||||
# SUBSYSTEM=="vchiq", GROUP="video", MODE="0660", TAG+="systemd", ENV{SYSTEMD_ALIAS}="/dev/vchiq"
|
||||
# '';
|
||||
/*
|
||||
services.udev.extraRules = ''
|
||||
# allow access to raspi cec device for video group (and optionally register it as a systemd device, used below)
|
||||
SUBSYSTEM=="vchiq", GROUP="video", MODE="0660", TAG+="systemd", ENV{SYSTEMD_ALIAS}="/dev/vchiq"
|
||||
'';
|
||||
|
||||
# powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
|
||||
# optional: attach a persisted cec-client to `/run/cec.fifo`, to avoid the CEC ~1s startup delay per command
|
||||
# scan for devices: `echo 'scan' > /run/cec.fifo ; journalctl -u cec-client.service`
|
||||
# set pi as active source: `echo 'as' > /run/cec.fifo`
|
||||
# systemd.sockets."cec-client" = {
|
||||
# after = ["dev-vchiq.device"];
|
||||
# bindsTo = ["dev-vchiq.device"];
|
||||
# wantedBy = ["sockets.target"];
|
||||
# socketConfig = {
|
||||
# ListenFIFO = "/run/cec.fifo";
|
||||
# SocketGroup = "video";
|
||||
# SocketMode = "0660";
|
||||
# };
|
||||
# };
|
||||
# systemd.services."cec-client" = {
|
||||
# after = ["dev-vchiq.device"];
|
||||
# bindsTo = ["dev-vchiq.device"];
|
||||
# wantedBy = ["multi-user.target"];
|
||||
# serviceConfig = {
|
||||
# ExecStart = ''${pkgs.libcec}/bin/cec-client -d 1'';
|
||||
# ExecStop = ''/bin/sh -c "echo q > /run/cec.fifo"'';
|
||||
# StandardInput = "socket";
|
||||
# StandardOutput = "journal";
|
||||
# Restart = "no";
|
||||
# };
|
||||
# };
|
||||
optional: attach a persisted cec-client to `/run/cec.fifo`, to avoid the CEC ~1s startup delay per command
|
||||
scan for devices: `echo 'scan' > /run/cec.fifo ; journalctl -u cec-client.service`
|
||||
set pi as active source: `echo 'as' > /run/cec.fifo`
|
||||
systemd.sockets."cec-client" = {
|
||||
after = ["dev-vchiq.device"];
|
||||
bindsTo = ["dev-vchiq.device"];
|
||||
wantedBy = ["sockets.target"];
|
||||
socketConfig = {
|
||||
ListenFIFO = "/run/cec.fifo";
|
||||
SocketGroup = "video";
|
||||
SocketMode = "0660";
|
||||
};
|
||||
};
|
||||
systemd.services."cec-client" = {
|
||||
after = ["dev-vchiq.device"];
|
||||
bindsTo = ["dev-vchiq.device"];
|
||||
wantedBy = ["multi-user.target"];
|
||||
serviceConfig = {
|
||||
ExecStart = ''${pkgs.libcec}/bin/cec-client -d 1'';
|
||||
ExecStop = ''/bin/sh -c "echo q > /run/cec.fifo"'';
|
||||
StandardInput = "socket";
|
||||
StandardOutput = "journal";
|
||||
Restart = "no";
|
||||
};
|
||||
};
|
||||
*/
|
||||
|
||||
hardware.graphics.driSupport32Bit = lib.mkForce false;
|
||||
|
||||
|
|
|
@ -25,11 +25,14 @@
|
|||
device = "/dev/sda";
|
||||
};
|
||||
|
||||
users.groups.beefcake = {};
|
||||
users.users = {
|
||||
beefcake = {
|
||||
# used for restic backups
|
||||
# TODO: can this be a system user?
|
||||
isNormalUser = true;
|
||||
isSystemUser = true;
|
||||
createHome = true;
|
||||
home = "/storage/backups/beefcake";
|
||||
group = "beefcake";
|
||||
extraGroups = ["sftponly"];
|
||||
openssh.authorizedKeys.keys =
|
||||
config.users.users.daniel.openssh.authorizedKeys.keys
|
||||
++ [
|
||||
|
@ -52,6 +55,13 @@
|
|||
};
|
||||
};
|
||||
|
||||
services.openssh.extraConfig = ''
|
||||
Match Group sftponly
|
||||
ChrootDirectory /storage/backups/%u
|
||||
ForceCommand internal-sftp
|
||||
AllowTcpForwarding no
|
||||
'';
|
||||
|
||||
networking = {
|
||||
hostName = "rascal";
|
||||
networkmanager.enable = true;
|
||||
|
|
607
nixos/router.nix
607
nixos/router.nix
|
@ -1,17 +1,19 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
# outputs,
|
||||
# config,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
# NOTE: My goal is to be able to apply most of the common tweaks to the router
|
||||
# either live on the system for ad-hoc changes (such as forwarding a port for a
|
||||
# multiplayer game) or to tweak these values just below without reaching deeper
|
||||
# into the modules' implementation of these configuration values
|
||||
# NOTE: I could turn this into a cool NixOS module?
|
||||
# TODO: review https://francis.begyn.be/blog/nixos-home-router
|
||||
# TODO: more recent: https://github.com/ghostbuster91/blogposts/blob/a2374f0039f8cdf4faddeaaa0347661ffc2ec7cf/router2023-part2/main.md
|
||||
/*
|
||||
NOTE: My goal is to be able to apply most of the common tweaks to the router
|
||||
either live on the system for ad-hoc changes (such as forwarding a port for a
|
||||
multiplayer game) or to tweak these values just below without reaching deeper
|
||||
into the modules' implementation of these configuration values
|
||||
NOTE: I could turn this into a cool NixOS module?
|
||||
TODO: review https://francis.begyn.be/blog/nixos-home-router
|
||||
TODO: more recent: https://github.com/ghostbuster91/blogposts/blob/a2374f0039f8cdf4faddeaaa0347661ffc2ec7cf/router2023-part2/main.md
|
||||
*/
|
||||
hostname = "router";
|
||||
domain = "h.lyte.dev";
|
||||
ip = "192.168.0.1";
|
||||
|
@ -49,12 +51,18 @@
|
|||
"idm.h.lyte.dev"
|
||||
"git.lyte.dev"
|
||||
"video.lyte.dev"
|
||||
"paperless.h.lyte.dev"
|
||||
"audio.lyte.dev"
|
||||
"a.lyte.dev"
|
||||
"bw.lyte.dev"
|
||||
"files.lyte.dev"
|
||||
"vpn.h.lyte.dev"
|
||||
"atuin.h.lyte.dev"
|
||||
"grafana.h.lyte.dev"
|
||||
"prometheus.h.lyte.dev"
|
||||
"finances.h.lyte.dev"
|
||||
"nextcloud.h.lyte.dev"
|
||||
"onlyoffice.h.lyte.dev"
|
||||
"a.lyte.dev"
|
||||
];
|
||||
};
|
||||
|
@ -96,6 +104,25 @@ in {
|
|||
}
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
iftop
|
||||
];
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = ../secrets/router/secrets.yml;
|
||||
age = {
|
||||
sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
|
||||
keyFile = "/var/lib/sops-nix/key.txt";
|
||||
generateKey = true;
|
||||
};
|
||||
secrets = {
|
||||
netlify-ddns-password = {mode = "0400";};
|
||||
};
|
||||
};
|
||||
services.deno-netlify-ddns-client = {
|
||||
passwordFile = config.sops.secrets.netlify-ddns-password.path;
|
||||
};
|
||||
|
||||
boot.kernel.sysctl =
|
||||
sysctl-entries
|
||||
// {
|
||||
|
@ -137,22 +164,22 @@ in {
|
|||
checkRuleset = true;
|
||||
ruleset = with inf; ''
|
||||
table inet filter {
|
||||
# set LANv4 {
|
||||
# type ipv4_addr
|
||||
# flags interval
|
||||
# elements = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 }
|
||||
# }
|
||||
# set LANv6 {
|
||||
# type ipv6_addr
|
||||
# flags interval
|
||||
# elements = { fd00::/8, fe80::/10 }
|
||||
# }
|
||||
# TODO: maybe tailnet?
|
||||
## set LANv4 {
|
||||
## type ipv4_addr
|
||||
## flags interval
|
||||
## elements = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 }
|
||||
## }
|
||||
## set LANv6 {
|
||||
## type ipv6_addr
|
||||
## flags interval
|
||||
## elements = { fd00::/8, fe80::/10 }
|
||||
## }
|
||||
## TODO: maybe tailnet?
|
||||
|
||||
# chain my_input_lan {
|
||||
# udp sport 1900 udp dport >= 1024 meta pkttype unicast limit rate 4/second burst 20 packets accept comment "Accept UPnP IGD port mapping reply"
|
||||
# udp sport netbios-ns udp dport >= 1024 meta pkttype unicast accept comment "Accept Samba Workgroup browsing replies"
|
||||
# }
|
||||
## chain my_input_lan {
|
||||
## udp sport 1900 udp dport >= 1024 meta pkttype unicast limit rate 4/second burst 20 packets accept comment "Accept UPnP IGD port mapping reply"
|
||||
## udp sport netbios-ns udp dport >= 1024 meta pkttype unicast accept comment "Accept Samba Workgroup browsing replies"
|
||||
## }
|
||||
|
||||
chain input {
|
||||
type filter hook input priority 0; policy drop;
|
||||
|
@ -187,12 +214,13 @@ in {
|
|||
udp dport { 80, 443 } accept comment "Allow QUIC to server (see nat prerouting)"
|
||||
tcp dport { 22 } accept comment "Allow SSH to server (see nat prerouting)"
|
||||
tcp dport { 25565 } accept comment "Allow Minecraft server connections (see nat prerouting)"
|
||||
udp dport { 34197 } accept comment "Allow Factorio server connections (see nat prerouting)"
|
||||
|
||||
iifname "${lan}" accept comment "Allow local network to access the router"
|
||||
iifname "tailscale0" accept comment "Allow local network to access the router"
|
||||
|
||||
# ip6 saddr @LANv6 jump my_input_lan comment "Connections from private IP address ranges"
|
||||
# ip saddr @LANv4 jump my_input_lan comment "Connections from private IP address ranges"
|
||||
## ip6 saddr @LANv6 jump my_input_lan comment "Connections from private IP address ranges"
|
||||
## ip saddr @LANv4 jump my_input_lan comment "Connections from private IP address ranges"
|
||||
|
||||
iifname "${wan}" counter drop comment "Drop all other unsolicited traffic from wan"
|
||||
}
|
||||
|
@ -207,13 +235,13 @@ in {
|
|||
accept
|
||||
}
|
||||
|
||||
# chain forward {
|
||||
# type filter hook forward priority filter; policy drop;
|
||||
## chain forward {
|
||||
## type filter hook forward priority filter; policy drop;
|
||||
|
||||
# iifname { "${lan}" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN"
|
||||
# iifname { "tailscale0" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN"
|
||||
# iifname { "${wan}" } oifname { "${lan}" } ct state { established, related } accept comment "Allow established back to LAN"
|
||||
# }
|
||||
## iifname { "${lan}" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN"
|
||||
## iifname { "tailscale0" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN"
|
||||
## iifname { "${wan}" } oifname { "${lan}" } ct state { established, related } accept comment "Allow established back to LAN"
|
||||
## }
|
||||
}
|
||||
|
||||
table ip nat {
|
||||
|
@ -229,6 +257,7 @@ in {
|
|||
iifname ${wan} tcp dport {26966} dnat to ${hosts.beefcake.ip}
|
||||
iifname ${wan} tcp dport {25565} dnat to ${hosts.bald.ip}
|
||||
iifname ${wan} udp dport {25565} dnat to ${hosts.bald.ip}
|
||||
iifname ${wan} udp dport {34197} dnat to ${hosts.beefcake.ip}
|
||||
}
|
||||
|
||||
chain postrouting {
|
||||
|
@ -240,20 +269,21 @@ in {
|
|||
};
|
||||
|
||||
# NOTE: see flake.nix 'nnf.nixosModules.default'
|
||||
# nftables.firewall = let
|
||||
# me = config.networking.nftables.firewall.localZoneName;
|
||||
# in {
|
||||
# enable = true;
|
||||
# snippets.nnf-common.enable = true;
|
||||
/*
|
||||
nftables.firewall = let
|
||||
me = config.networking.nftables.firewall.localZoneName;
|
||||
in {
|
||||
enable = true;
|
||||
snippets.nnf-common.enable = true;
|
||||
|
||||
# zones = {
|
||||
# ${interfaces.wan.name} = {
|
||||
# interfaces = [interfaces.wan.name interfaces.lan.name];
|
||||
# };
|
||||
# ${interfaces.lan.name} = {
|
||||
# parent = interfaces.wan.name;
|
||||
# ipv4Addresses = [cidr];
|
||||
# };
|
||||
zones = {
|
||||
${interfaces.wan.name} = {
|
||||
interfaces = [interfaces.wan.name interfaces.lan.name];
|
||||
};
|
||||
${interfaces.lan.name} = {
|
||||
parent = interfaces.wan.name;
|
||||
ipv4Addresses = [cidr];
|
||||
};
|
||||
## banned = {
|
||||
## ingressExpression = [
|
||||
## "ip saddr @banlist"
|
||||
|
@ -264,32 +294,33 @@ in {
|
|||
## "ip6 daddr @banlist6"
|
||||
## ];
|
||||
## };
|
||||
# };
|
||||
};
|
||||
|
||||
# rules = {
|
||||
# dhcp = {
|
||||
# from = "all";
|
||||
# to = [hosts.beefcake.ip];
|
||||
# allowedTCPPorts = [67];
|
||||
# allowedUDPPorts = [67];
|
||||
# };
|
||||
# http = {
|
||||
# from = "all";
|
||||
# to = [me];
|
||||
# allowedTCPPorts = [80 443];
|
||||
# };
|
||||
# router-ssh = {
|
||||
# from = "all";
|
||||
# to = [me];
|
||||
# allowedTCPPorts = [2201];
|
||||
# };
|
||||
# server-ssh = {
|
||||
# from = "all";
|
||||
# to = [hosts.beefcake.ip];
|
||||
# allowedTCPPorts = [22];
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
rules = {
|
||||
dhcp = {
|
||||
from = "all";
|
||||
to = [hosts.beefcake.ip];
|
||||
allowedTCPPorts = [67];
|
||||
allowedUDPPorts = [67];
|
||||
};
|
||||
http = {
|
||||
from = "all";
|
||||
to = [me];
|
||||
allowedTCPPorts = [80 443];
|
||||
};
|
||||
router-ssh = {
|
||||
from = "all";
|
||||
to = [me];
|
||||
allowedTCPPorts = [2201];
|
||||
};
|
||||
server-ssh = {
|
||||
from = "all";
|
||||
to = [hosts.beefcake.ip];
|
||||
allowedTCPPorts = [22];
|
||||
};
|
||||
};
|
||||
};
|
||||
*/
|
||||
};
|
||||
|
||||
systemd.network = {
|
||||
|
@ -337,29 +368,35 @@ in {
|
|||
ConfigureWithoutCarrier = true;
|
||||
# IPv6AcceptRA = false;
|
||||
IPv6SendRA = true;
|
||||
DHCPv6PrefixDelegation = true;
|
||||
DHCPPrefixDelegation = true;
|
||||
};
|
||||
};
|
||||
|
||||
# WAN configuration requires DHCP to get addresses
|
||||
# we also disable some options to be certain we retain as much networking
|
||||
# control as we reasonably can, such as not letting the ISP determine our
|
||||
# hostname or DNS configuration
|
||||
# TODO: IPv6 (prefix delegation)
|
||||
/*
|
||||
WAN configuration requires DHCP to get addresses
|
||||
we also disable some options to be certain we retain as much networking
|
||||
control as we reasonably can, such as not letting the ISP determine our
|
||||
hostname or DNS configuration
|
||||
TODO: IPv6 (prefix delegation)
|
||||
*/
|
||||
"40-${interfaces.wan.name}" = {
|
||||
matchConfig.Name = "${interfaces.wan.name}";
|
||||
networkConfig = {
|
||||
Description = "WAN network - connection to fiber ISP jack";
|
||||
DHCP = true;
|
||||
# IPv6AcceptRA = true;
|
||||
# IPv6PrivacyExtensions = true;
|
||||
# IPForward = true;
|
||||
/*
|
||||
IPv6AcceptRA = true;
|
||||
IPv6PrivacyExtensions = true;
|
||||
IPForward = true;
|
||||
*/
|
||||
};
|
||||
dhcpV6Config = {
|
||||
# ForceDHCPv6PDOtherInformation = true;
|
||||
# UseHostname = false;
|
||||
# UseDNS = false;
|
||||
# UseNTP = false;
|
||||
/*
|
||||
ForceDHCPv6PDOtherInformation = true;
|
||||
UseHostname = false;
|
||||
UseDNS = false;
|
||||
UseNTP = false;
|
||||
*/
|
||||
PrefixDelegationHint = "::/56";
|
||||
};
|
||||
dhcpV4Config = {
|
||||
|
@ -385,17 +422,21 @@ in {
|
|||
|
||||
services.resolved.enable = false;
|
||||
|
||||
# dnsmasq serves as our DHCP and DNS server
|
||||
# almost all the configuration should be derived from the values at the top of
|
||||
# this file
|
||||
/*
|
||||
dnsmasq serves as our DHCP and DNS server
|
||||
almost all the configuration should be derived from the values at the top of
|
||||
this file
|
||||
*/
|
||||
services.dnsmasq = {
|
||||
enable = true;
|
||||
settings = {
|
||||
listen-address = "::,127.0.0.1,${ip}";
|
||||
port = 53;
|
||||
|
||||
# dhcp-authoritative = true;
|
||||
# dnssec = true;
|
||||
/*
|
||||
dhcp-authoritative = true;
|
||||
dnssec = true;
|
||||
*/
|
||||
enable-ra = true;
|
||||
|
||||
server = ["1.1.1.1" "9.9.9.9" "8.8.8.8"];
|
||||
|
@ -448,8 +489,10 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
# since the home network reserves port 22 for ssh to the big server and to
|
||||
# gitea, the router uses port 2201 for ssh
|
||||
/*
|
||||
since the home network reserves port 22 for ssh to the big server and to
|
||||
gitea, the router uses port 2201 for ssh
|
||||
*/
|
||||
services.openssh.listenAddresses = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
|
@ -473,252 +516,254 @@ in {
|
|||
|
||||
system.stateVersion = "24.05";
|
||||
|
||||
# NOTE: everything from here on is deprecated or old stuff
|
||||
/*
|
||||
NOTE: everything from here on is deprecated or old stuff
|
||||
|
||||
# TODO: may not be strictly necessary for IPv6?
|
||||
# TODO: also may not even be the best implementation?
|
||||
# services.radvd = {
|
||||
# enable = false;
|
||||
TODO: may not be strictly necessary for IPv6?
|
||||
TODO: also may not even be the best implementation?
|
||||
services.radvd = {
|
||||
enable = false;
|
||||
## NOTE: this config is just the default arch linux config I think and may
|
||||
## need tweaking? this is what I had on the arch linux router, though :shrug:
|
||||
# config = ''
|
||||
# interface lo
|
||||
# {
|
||||
# AdvSendAdvert on;
|
||||
# MinRtrAdvInterval 3;
|
||||
# MaxRtrAdvInterval 10;
|
||||
# AdvDefaultPreference low;
|
||||
# AdvHomeAgentFlag off;
|
||||
config = ''
|
||||
interface lo
|
||||
{
|
||||
AdvSendAdvert on;
|
||||
MinRtrAdvInterval 3;
|
||||
MaxRtrAdvInterval 10;
|
||||
AdvDefaultPreference low;
|
||||
AdvHomeAgentFlag off;
|
||||
|
||||
# prefix 2001:db8:1:0::/64
|
||||
# {
|
||||
# AdvOnLink on;
|
||||
# AdvAutonomous on;
|
||||
# AdvRouterAddr off;
|
||||
# };
|
||||
prefix 2001:db8:1:0::/64
|
||||
{
|
||||
AdvOnLink on;
|
||||
AdvAutonomous on;
|
||||
AdvRouterAddr off;
|
||||
};
|
||||
|
||||
# prefix 0:0:0:1234::/64
|
||||
# {
|
||||
# AdvOnLink on;
|
||||
# AdvAutonomous on;
|
||||
# AdvRouterAddr off;
|
||||
# Base6to4Interface ppp0;
|
||||
# AdvPreferredLifetime 120;
|
||||
# AdvValidLifetime 300;
|
||||
# };
|
||||
prefix 0:0:0:1234::/64
|
||||
{
|
||||
AdvOnLink on;
|
||||
AdvAutonomous on;
|
||||
AdvRouterAddr off;
|
||||
Base6to4Interface ppp0;
|
||||
AdvPreferredLifetime 120;
|
||||
AdvValidLifetime 300;
|
||||
};
|
||||
|
||||
# route 2001:db0:fff::/48
|
||||
# {
|
||||
# AdvRoutePreference high;
|
||||
# AdvRouteLifetime 3600;
|
||||
# };
|
||||
route 2001:db0:fff::/48
|
||||
{
|
||||
AdvRoutePreference high;
|
||||
AdvRouteLifetime 3600;
|
||||
};
|
||||
|
||||
# RDNSS 2001:db8::1 2001:db8::2
|
||||
# {
|
||||
# AdvRDNSSLifetime 30;
|
||||
# };
|
||||
RDNSS 2001:db8::1 2001:db8::2
|
||||
{
|
||||
AdvRDNSSLifetime 30;
|
||||
};
|
||||
|
||||
# DNSSL branch.example.com example.com
|
||||
# {
|
||||
# AdvDNSSLLifetime 30;
|
||||
# };
|
||||
# };
|
||||
# '';
|
||||
# };
|
||||
DNSSL branch.example.com example.com
|
||||
{
|
||||
AdvDNSSLLifetime 30;
|
||||
};
|
||||
};
|
||||
'';
|
||||
};
|
||||
|
||||
# TODO: old config, should be deleted ASAP
|
||||
# services.dnsmasq = {
|
||||
# enable = false;
|
||||
# settings = {
|
||||
# # server endpoints
|
||||
# listen-address = "::1,127.0.0.1,${ip}";
|
||||
# port = "53";
|
||||
TODO: old config, should be deleted ASAP
|
||||
services.dnsmasq = {
|
||||
enable = false;
|
||||
settings = {
|
||||
# server endpoints
|
||||
listen-address = "::1,127.0.0.1,${ip}";
|
||||
port = "53";
|
||||
|
||||
# # DNS cache entries
|
||||
# cache-size = "10000";
|
||||
# DNS cache entries
|
||||
cache-size = "10000";
|
||||
|
||||
# # local domain entries
|
||||
# local = "/lan/";
|
||||
# domain = "lan";
|
||||
# expand-hosts = true;
|
||||
# local domain entries
|
||||
local = "/lan/";
|
||||
domain = "lan";
|
||||
expand-hosts = true;
|
||||
|
||||
# dhcp-authoritative = true;
|
||||
dhcp-authoritative = true;
|
||||
|
||||
# conf-file = "/usr/share/dnsmasq/trust-anchors.conf";
|
||||
# dnssec = true;
|
||||
conf-file = "/usr/share/dnsmasq/trust-anchors.conf";
|
||||
dnssec = true;
|
||||
|
||||
# except-interface = "${wan_if}";
|
||||
# interface = "${lan_if}";
|
||||
except-interface = "${wan_if}";
|
||||
interface = "${lan_if}";
|
||||
|
||||
# enable-ra = true;
|
||||
enable-ra = true;
|
||||
|
||||
# # dhcp-option = "121,${cidr},${ip}";
|
||||
# dhcp-option = "121,${cidr},${ip}";
|
||||
|
||||
# dhcp-range = [
|
||||
# "lan,${dhcp_lease_space.min},${dhcp_lease_space.max},${netmask},10m"
|
||||
# "tag:${lan_if},::1,constructor:${lan_if},ra-names,12h"
|
||||
# ];
|
||||
dhcp-range = [
|
||||
"lan,${dhcp_lease_space.min},${dhcp_lease_space.max},${netmask},10m"
|
||||
"tag:${lan_if},::1,constructor:${lan_if},ra-names,12h"
|
||||
];
|
||||
|
||||
# dhcp-host = [
|
||||
# "${hosts.dragon.host},${hosts.dragon.ip},12h"
|
||||
# "${hosts.beefcake.host},${hosts.beefcake.ip},12h"
|
||||
# ];
|
||||
dhcp-host = [
|
||||
"${hosts.dragon.host},${hosts.dragon.ip},12h"
|
||||
"${hosts.beefcake.host},${hosts.beefcake.ip},12h"
|
||||
];
|
||||
|
||||
# # may need to go in /etc/hosts (networking.extraHosts), too?
|
||||
# address = [
|
||||
# "/video.lyte.dev/192.168.0.9"
|
||||
# "/git.lyte.dev/192.168.0.9"
|
||||
# "/bw.lyte.dev/192.168.0.9"
|
||||
# "/files.lyte.dev/192.168.0.9"
|
||||
# "/vpn.h.lyte.dev/192.168.0.9"
|
||||
# "/.h.lyte.dev/192.168.0.9"
|
||||
# ];
|
||||
# may need to go in /etc/hosts (networking.extraHosts), too?
|
||||
address = [
|
||||
"/video.lyte.dev/192.168.0.9"
|
||||
"/git.lyte.dev/192.168.0.9"
|
||||
"/bw.lyte.dev/192.168.0.9"
|
||||
"/files.lyte.dev/192.168.0.9"
|
||||
"/vpn.h.lyte.dev/192.168.0.9"
|
||||
"/.h.lyte.dev/192.168.0.9"
|
||||
];
|
||||
|
||||
# server = [
|
||||
# "${ip}"
|
||||
# "8.8.8.8"
|
||||
# "8.8.4.4"
|
||||
# "1.1.1.1"
|
||||
# "1.0.0.1"
|
||||
# ];
|
||||
# };
|
||||
# };
|
||||
server = [
|
||||
"${ip}"
|
||||
"8.8.8.8"
|
||||
"8.8.4.4"
|
||||
"1.1.1.1"
|
||||
"1.0.0.1"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
# TODO: old config, should be deleted ASAP
|
||||
# nftables = {
|
||||
# enable = false;
|
||||
# flushRuleset = true;
|
||||
TODO: old config, should be deleted ASAP
|
||||
nftables = {
|
||||
enable = false;
|
||||
flushRuleset = true;
|
||||
|
||||
# tables = {
|
||||
# filter = {
|
||||
# family = "inet";
|
||||
# content = ''
|
||||
# chain input {
|
||||
# # type filter hook input priority filter; policy accept;
|
||||
# type filter hook input priority 0;
|
||||
tables = {
|
||||
filter = {
|
||||
family = "inet";
|
||||
content = ''
|
||||
chain input {
|
||||
# type filter hook input priority filter; policy accept;
|
||||
type filter hook input priority 0;
|
||||
|
||||
# # anything from loopback interface
|
||||
# iifname "lo" accept
|
||||
# anything from loopback interface
|
||||
iifname "lo" accept
|
||||
|
||||
# # accept traffic we originated
|
||||
# ct state { established, related } counter accept
|
||||
# ct state invalid counter drop
|
||||
# accept traffic we originated
|
||||
ct state { established, related } counter accept
|
||||
ct state invalid counter drop
|
||||
|
||||
# # ICMP
|
||||
# ip6 nexthdr icmpv6 icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit, nd-router-advert, mld-listener-query, destination-unreachable, packet-too-big, time-exceeded, parameter-problem } counter accept
|
||||
# ip protocol icmp icmp type { echo-request, destination-unreachable, router-advertisement, time-exceeded, parameter-problem } counter accept
|
||||
# ip protocol icmpv6 counter accept
|
||||
# ip protocol icmp counter accept
|
||||
# meta l4proto ipv6-icmp counter accept
|
||||
# udp dport dhcpv6-client counter accept
|
||||
# ICMP
|
||||
ip6 nexthdr icmpv6 icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit, nd-router-advert, mld-listener-query, destination-unreachable, packet-too-big, time-exceeded, parameter-problem } counter accept
|
||||
ip protocol icmp icmp type { echo-request, destination-unreachable, router-advertisement, time-exceeded, parameter-problem } counter accept
|
||||
ip protocol icmpv6 counter accept
|
||||
ip protocol icmp counter accept
|
||||
meta l4proto ipv6-icmp counter accept
|
||||
udp dport dhcpv6-client counter accept
|
||||
|
||||
# tcp dport { 64022, 22, 53, 67, 25565 } counter accept
|
||||
# udp dport { 64020, 22, 53, 67 } counter accept
|
||||
tcp dport { 64022, 22, 53, 67, 25565 } counter accept
|
||||
udp dport { 64020, 22, 53, 67 } counter accept
|
||||
|
||||
## iifname "iot" ip saddr $iot-ip tcp dport { llmnr } counter accept
|
||||
## iifname "iot" ip saddr $iot-ip udp dport { mdns, llmnr } counter accept
|
||||
# iifname "${lan_if}" tcp dport { llmnr } counter accept
|
||||
# iifname "${lan_if}" udp dport { mdns, llmnr } counter accept
|
||||
iifname "${lan_if}" tcp dport { llmnr } counter accept
|
||||
iifname "${lan_if}" udp dport { mdns, llmnr } counter accept
|
||||
|
||||
# counter drop
|
||||
# }
|
||||
counter drop
|
||||
}
|
||||
|
||||
# # allow all outgoing
|
||||
# chain output {
|
||||
# type filter hook output priority 0;
|
||||
# accept
|
||||
# }
|
||||
# allow all outgoing
|
||||
chain output {
|
||||
type filter hook output priority 0;
|
||||
accept
|
||||
}
|
||||
|
||||
# chain forward {
|
||||
# type filter hook forward priority 0;
|
||||
# accept
|
||||
# }
|
||||
# '';
|
||||
# };
|
||||
chain forward {
|
||||
type filter hook forward priority 0;
|
||||
accept
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
# nat = {
|
||||
# family = "ip";
|
||||
# content = ''
|
||||
# set masq_saddr {
|
||||
# type ipv4_addr
|
||||
# flags interval
|
||||
# elements = { ${cidr} }
|
||||
# }
|
||||
nat = {
|
||||
family = "ip";
|
||||
content = ''
|
||||
set masq_saddr {
|
||||
type ipv4_addr
|
||||
flags interval
|
||||
elements = { ${cidr} }
|
||||
}
|
||||
|
||||
# map map_port_ipport {
|
||||
# type inet_proto . inet_service : ipv4_addr . inet_service
|
||||
# }
|
||||
map map_port_ipport {
|
||||
type inet_proto . inet_service : ipv4_addr . inet_service
|
||||
}
|
||||
|
||||
# chain prerouting {
|
||||
# iifname ${lan_if} accept
|
||||
chain prerouting {
|
||||
iifname ${lan_if} accept
|
||||
|
||||
# type nat hook prerouting priority dstnat + 1; policy accept;
|
||||
# fib daddr type local dnat ip addr . port to meta l4proto . th dport map @map_port_ipport
|
||||
type nat hook prerouting priority dstnat + 1; policy accept;
|
||||
fib daddr type local dnat ip addr . port to meta l4proto . th dport map @map_port_ipport
|
||||
|
||||
# iifname ${wan_if} tcp dport { 22, 80, 443, 25565, 64022 } dnat to ${hosts.beefcake.ip}
|
||||
# iifname ${wan_if} udp dport { 64020 } dnat to ${hosts.beefcake.ip}
|
||||
iifname ${wan_if} tcp dport { 22, 80, 443, 25565, 64022 } dnat to ${hosts.beefcake.ip}
|
||||
iifname ${wan_if} udp dport { 64020 } dnat to ${hosts.beefcake.ip}
|
||||
|
||||
## iifname ${wan_if} tcp dport { 25565 } dnat to 192.168.0.244
|
||||
## iifname ${wan_if} udp dport { 25565 } dnat to 192.168.0.244
|
||||
|
||||
## router
|
||||
# iifname ${wan_if} tcp dport { 2201 } dnat to ${ip}
|
||||
# }
|
||||
iifname ${wan_if} tcp dport { 2201 } dnat to ${ip}
|
||||
}
|
||||
|
||||
# chain output {
|
||||
# type nat hook output priority -99; policy accept;
|
||||
# ip daddr != 127.0.0.0/8 oif "lo" dnat ip addr . port to meta l4proto . th dport map @map_port_ipport
|
||||
# }
|
||||
chain output {
|
||||
type nat hook output priority -99; policy accept;
|
||||
ip daddr != 127.0.0.0/8 oif "lo" dnat ip addr . port to meta l4proto . th dport map @map_port_ipport
|
||||
}
|
||||
|
||||
# chain postrouting {
|
||||
# type nat hook postrouting priority srcnat + 1; policy accept;
|
||||
# oifname ${lan_if} masquerade
|
||||
# ip saddr @masq_saddr masquerade
|
||||
# }
|
||||
# '';
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
chain postrouting {
|
||||
type nat hook postrouting priority srcnat + 1; policy accept;
|
||||
oifname ${lan_if} masquerade
|
||||
ip saddr @masq_saddr masquerade
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# TODO: also want to try to avoid using dhcpcd for IPv6 since systemd-networkd
|
||||
# should be sufficient?
|
||||
# dhcpcd = {
|
||||
# enable = false;
|
||||
# extraConfig = ''
|
||||
# duid
|
||||
TODO: also want to try to avoid using dhcpcd for IPv6 since systemd-networkd
|
||||
should be sufficient?
|
||||
dhcpcd = {
|
||||
enable = false;
|
||||
extraConfig = ''
|
||||
duid
|
||||
|
||||
## No way.... https://github.com/NetworkConfiguration/dhcpcd/issues/36#issuecomment-954777644
|
||||
## issues caused by guests with oneplus devices
|
||||
# noarp
|
||||
noarp
|
||||
|
||||
# persistent
|
||||
# vendorclassid
|
||||
persistent
|
||||
vendorclassid
|
||||
|
||||
# option domain_name_servers, domain_name, domain_search
|
||||
# option classless_static_routes
|
||||
# option interface_mtu
|
||||
# option host_name
|
||||
# #option ntp_servers
|
||||
option domain_name_servers, domain_name, domain_search
|
||||
option classless_static_routes
|
||||
option interface_mtu
|
||||
option host_name
|
||||
#option ntp_servers
|
||||
|
||||
# require dhcp_server_identifier
|
||||
# slaac private
|
||||
# noipv4ll
|
||||
# noipv6rs
|
||||
require dhcp_server_identifier
|
||||
slaac private
|
||||
noipv4ll
|
||||
noipv6rs
|
||||
|
||||
# static domain_name_servers=${ip}
|
||||
static domain_name_servers=${ip}
|
||||
|
||||
# interface ${wan_if}
|
||||
# gateway
|
||||
# ipv6rs
|
||||
# iaid 1
|
||||
interface ${wan_if}
|
||||
gateway
|
||||
ipv6rs
|
||||
iaid 1
|
||||
## option rapid_commit
|
||||
## ia_na 1
|
||||
# ia_pd 1 ${lan_if}
|
||||
ia_pd 1 ${lan_if}
|
||||
|
||||
# interface ${lan_if}
|
||||
# static ip_address=${cidr}
|
||||
# static routers=${ip}
|
||||
# static domain_name_servers=${ip}
|
||||
# '';
|
||||
# };
|
||||
interface ${lan_if}
|
||||
static ip_address=${cidr}
|
||||
static routers=${ip}
|
||||
static domain_name_servers=${ip}
|
||||
'';
|
||||
};
|
||||
*/
|
||||
}
|
||||
|
|
|
@ -5,9 +5,6 @@
|
|||
}: {
|
||||
networking.hostName = "thablet";
|
||||
|
||||
home-manager.users.daniel = {
|
||||
};
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
|
||||
services.fprintd = {
|
||||
|
@ -48,7 +45,11 @@
|
|||
|
||||
hardware.bluetooth = {
|
||||
enable = true;
|
||||
powerOnBoot = true;
|
||||
powerOnBoot = false;
|
||||
};
|
||||
|
||||
services.power-profiles-daemon = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
networking = {
|
||||
|
@ -61,5 +62,19 @@
|
|||
};
|
||||
};
|
||||
|
||||
home-manager.users.daniel = {
|
||||
wayland.windowManager.sway = {
|
||||
config = {
|
||||
output = {
|
||||
"AU Optronics 0x2236 Unknown" = {
|
||||
mode = "2560x1440@60Hz";
|
||||
position = "0,0";
|
||||
scale = toString 1.25;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
}
|
||||
|
|
|
@ -6,10 +6,12 @@
|
|||
efi.canTouchEfiVariables = true;
|
||||
systemd-boot.enable = true;
|
||||
};
|
||||
# sudo filefrag -v /swap/swapfile | awk '$1=="0:" {print substr($4, 1, length($4)-2)}'
|
||||
# the above won't work for btrfs, instead you need
|
||||
# btrfs inspect-internal map-swapfile -r /swap/swapfile
|
||||
# https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file
|
||||
/*
|
||||
sudo filefrag -v /swap/swapfile | awk '$1=="0:" {print substr($4, 1, length($4)-2)}'
|
||||
the above won't work for btrfs, instead you need
|
||||
btrfs inspect-internal map-swapfile -r /swap/swapfile
|
||||
https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file
|
||||
*/
|
||||
kernelParams = ["boot.shell_on_fail"];
|
||||
initrd.availableKernelModules = ["xhci_pci" "nvme" "ahci"];
|
||||
};
|
||||
|
|
|
@ -5,22 +5,28 @@
|
|||
pkgs = import nixpkgs {inherit (final) system;};
|
||||
};
|
||||
|
||||
# This one contains whatever you want to overlay
|
||||
# You can change versions, add patches, set compilation flags, anything really.
|
||||
# https://nixos.wiki/wiki/Overlays
|
||||
/*
|
||||
This one contains whatever you want to overlay
|
||||
You can change versions, add patches, set compilation flags, anything really.
|
||||
https://nixos.wiki/wiki/Overlays
|
||||
*/
|
||||
modifications = final: prev: {
|
||||
# final.fprintd = prev.fprintd.overrideAttrs {
|
||||
# # Source: https://github.com/NixOS/nixpkgs/commit/87ca2dc071581aea0e691c730d6844f1beb07c9f
|
||||
# mesonCheckFlags = [
|
||||
# # PAM related checks are timing out
|
||||
# "--no-suite"
|
||||
# "fprintd:TestPamFprintd"
|
||||
# ];
|
||||
# };
|
||||
/*
|
||||
final.fprintd = prev.fprintd.overrideAttrs {
|
||||
# Source: https://github.com/NixOS/nixpkgs/commit/87ca2dc071581aea0e691c730d6844f1beb07c9f
|
||||
mesonCheckFlags = [
|
||||
# PAM related checks are timing out
|
||||
"--no-suite"
|
||||
"fprintd:TestPamFprintd"
|
||||
];
|
||||
};
|
||||
*/
|
||||
};
|
||||
|
||||
# When applied, the unstable nixpkgs set (declared in the flake inputs) will
|
||||
# be accessible through 'pkgs.unstable'
|
||||
/*
|
||||
When applied, the unstable nixpkgs set (declared in the flake inputs) will
|
||||
be accessible through 'pkgs.unstable'
|
||||
*/
|
||||
unstable-packages = final: _prev: {
|
||||
unstable = import nixpkgs {
|
||||
system = final.system;
|
||||
|
|
|
@ -34,10 +34,10 @@ in ((iosevka.override {
|
|||
menu = 900
|
||||
css = 900
|
||||
|
||||
# [[buildPlans.Iosevka${set}.compatibility-ligatures]]
|
||||
# unicode = 57600 # 0xE100
|
||||
# featureTag = 'calt'
|
||||
# kequence = '<*>'
|
||||
## [[buildPlans.Iosevka${set}.compatibility-ligatures]]
|
||||
## unicode = 57600 # 0xE100
|
||||
## featureTag = 'calt'
|
||||
## kequence = '<*>'
|
||||
|
||||
[buildPlans.Iosevka${set}.variants]
|
||||
inherits = "ss01"
|
||||
|
|
|
@ -15,7 +15,9 @@ plausible-admin-password: ENC[AES256_GCM,data:dC9olypZgMLdPOsmjthOaa/fMLtbGBlF9A
|
|||
plausible-erlang-cookie: ENC[AES256_GCM,data:zhmC+D6EjIE8Rw91lIrMqY0QIazTX1e1jBzcZJP/76B9VvHWZ5bCkP1+KdfCY0lk3wIEq5vRfb8=,iv:RNNjlV3OFtXn1N0a5fEb/3FWzcHX19wtCLMdaVlKNJ0=,tag:8iU5oFVbzd0eMe5Mo1PiAw==,type:str]
|
||||
plausible-secret-key-base: ENC[AES256_GCM,data:ylakPGzY4S9640krl0fxYgm0Getf0+I7zthyTqTD/IpVhz5xgYBYx3Y2lSNa9Oi9yQ7+f9OdOBC6nc7n6MuUBg==,iv:YLPax/cRjMdIFti26gJd8COKr+3jXNZ7HCA5VvQVyAo=,tag:LHqYi590oEIp1IihLcFTtw==,type:str]
|
||||
nextcloud-admin-password: ENC[AES256_GCM,data:QaoSZyommeGED3nWNru92UVO2tjk24HE9fWX7ExYT101o4ZL411TmV1TXHSyfwjmE7yLIm1K/j4xpEbIY3zvFg==,iv:xC5EZVPHumVPOob5jiiXMFAmdFQcFSUPtZgioAgGDDs=,tag:Q/kY38XWkGsqcmCkd2lodg==,type:str]
|
||||
grafana-admin-password: ENC[AES256_GCM,data:SpxQ7FgFoF5cZj5+1ug=,iv:NaQPIqFE62PHC14rT/xqYchdt7IykS8jJhuGRcC2SjM=,tag:Q8QtHiE4Beh5GG/IcvjG4w==,type:str]
|
||||
netlify-ddns-password: ENC[AES256_GCM,data:mz9MS93ZPbtziwo56DP27q5ZgA1rgCptQpgTPrq2Ihc3KjSxSACJ6p6t8NjRPr4lSDLPzDa47OnRct/N4fcm5Q==,iv:upOh9S0wvTXBwfso3GhQzpl5befY0T0hTW/LGNcvv0k=,tag:/LNP0wIaxtExulV0blVkXA==,type:str]
|
||||
grafana-smtp-password: ENC[AES256_GCM,data:eSzFlEcgSPEy7p0QW6Pr6Z86TRHuuIJcM7nSI7bBBFy/9/VQaYk6+Ztu049ZGrejPNk=,iv:o14YoiTE4dCKw/Rbh/B2m2b5oyitvaB+FnLxydgu75c=,tag:4iRngd9OiZMq5RTVKdklHw==,type:str]
|
||||
#ENC[AES256_GCM,data:IDauOj95sPt6LQkNWOaAV3AR7XPHJljX7Gef/IgtzC227ln7aKpVLCbhxD6pNTwd9/KhIXJp3vagCjfgkO/utA==,iv:Pn5jIPsFMBA2xnp3SUBgBug1NN8d3h3zy1pGVzO2hO0=,tag:NzhLA7nqE7SRRMV+rKgCjQ==,type:comment]
|
||||
forgejo-runner.env: ENC[AES256_GCM,data:x4EaDzK4W34ZEZ/Inakore2YABZf8e7TBBjoC6xTPZ9GBrSZCE85FOcHAmMXPDo=,iv:bNGOsLnhxnlC/opCKT1DSsGoWdmgJ8NgEPY3ySlN108=,tag:Ijp3qHBSdv6EDaZdomJhAA==,type:str]
|
||||
jland.env: ENC[AES256_GCM,data:u+QKwKWG9NFduuofhe3aatof3KoC0N4ZpNOD8E/7l0BTSoTe5Tqmz5/33EOcBUw99+YLFR4kTJwdUmLWHk4UD87aGsJ4liPCtXnBsToAzBGg0I3mhGQ/QM8iKXMW9oKb3ciapitQBuJa1WIp5/bHNtCXWQ==,iv:iZDET5EWM4DnAoQqLP9+Ll4S+mFHt2wZ3ENtN79Dbqw=,tag:qVpocN3FxlHfte2hAmtGPA==,type:str]
|
||||
|
@ -24,6 +26,8 @@ api.lyte.dev: ENC[AES256_GCM,data:14C5GQ41m/g7qHPzxlYoWjKWDOcm7MEDkuSofiuLfRNc/n
|
|||
restic-rascal-passphrase: ENC[AES256_GCM,data:yonKbBh4riGwxc/qcj8F/qrgAtA1sWhYejw9rdOTdCNW3a7zL/Ny1+XCI/P3bMOsY6UTmg/gxA2itp4cSbvqjg==,iv:5GwaEExn7b3dIkCVehLxaBXW+nUuSexY/bcqfCUwF5Q=,tag:dinyyw2XeVoSnw/IsYfK0w==,type:str]
|
||||
restic-rascal-ssh-private-key: ENC[AES256_GCM,data:ddsOs0XsayyQI9qc6LzwQpdDnfwNpbj8PbBJ5fyuqtlVNYndeLxaYcbZI2ULSUhgR1tN0FS+ggGTHQhVvjwksNvpskUGHNKkSLKH3D/mn5N9tsoeAblN4gZsloZdqXBVzEehumcQMdhh6iy6NkNbuinKrVKDhLV25PrFKuSBEYw9VHU7HAMW5Tfop3RzBXjZWETCDAR2OQa7d1dXsJ0Kw6b9RFmRe5MGQ0J7YhjdTg26JGMMVSeHvr5UbiUJkGA5RvOLEDM2Dfai7Lf8yRPZVxUl+rdRsNvNYEoYGu5rGLUFcuqIbQ+s40dP2uXwWauwkIvHUjEahkbP0httj4Kg3qIJBRPg7OuS+MOwAnLEAs3hl5zeBV396yA9qjWW8nhnbml58/uFFbfXbJWTM3r8cMpFbHKD+Ojo/99fm5Vy3pAMzNzEsHOaT+iyDYyNkV5OH1GyKK9n7kIRLdqmWe7GmaKXlwVvNUPi3RvLX9VXq83a4BuupFyTmaNfPGMs/17830aleV674+QVgKh3VyFtuJy6KBpMXDv16wFo,iv:S2I3h6pmKLxEc29E0zn2b8lscqA//5/ZMTV9q+/tdvs=,tag:ALeCT+nrVPDfS21xC555sA==,type:str]
|
||||
restic-ssh-priv-key-benland: ENC[AES256_GCM,data:G+uiYZTvqXhpJb66j6Q6S+otlXeRX0CdYeMHzSMjIbvbI0AVm0yCU7COO5/O8i47NpvrKKS1kVxVEK8ixLRUowkl3hgRXhxsBIPFnpkMD0ENmJttm4HOpi0qIWMwzPYTjkz/slY4HcTFnCfYy1ZpURQdWwZsr1EdAA05bUMTtM22R3uOMzjO8uf72PCWX7yffo8MxsLmWvNVAOhVlrb2H5KQNR/IquFK3TFoZitq5nVDG9tcEFkX+lgA3zsmCHU/2DvvodgeRoltaAFvgjVznNGf4e5p8owHUtSzX52HwGZRiUlMuhpre2gm1r73n8AyZe41II+LX/85fMfZDdyayIGv3AAMBib8H0/AoChexRcdLQEmzOgRrXsgucDJrWSWP6WMBVyamUm79m5ep0fvL1lJftuJqN0uuq9dBrispdso4x+6jk/pDf5pEM/FE6s1rY832BEb7q0PnjyvVogOez+cIihmMpDdnS0A/8TFzg29i3C+93x5vrt3k7atNzR/jN+/GqX2FKLzxWrrIw2d,iv:IP+N8JQu+XRvwTtBnxu54ujzU5UliltXG3mk9HfJaN8=,tag:4oinE9QMaSh8IfUd/ttM3Q==,type:str]
|
||||
paperless-superuser-password: ENC[AES256_GCM,data:lypWK73mOYI2hyQAW/4T3cDiVtsts3kKb7LZb9ES3n97Kn5l,iv:jBHUBFbb4GqQ3gnK0h5VCaGj3/kd3/eGa1QFiE7+B9I=,tag:UoQar+x1xVnCV2k+9hYjWA==,type:str]
|
||||
factorio-server-settings: ENC[AES256_GCM,data:ItK+/eONdAqNAiQxCrCipUmTdIKt274qwVyNnSdOdxxd67XGozs/xr/cCYwwDiUyKQ7mD8oBLL6EVaHbXpObLwGe0Nsnz5jE9GtI0k5184/jsQ==,iv:Qre+BKhdqNDNuOz0PGZJJpTmQxJdNoTbd5FxRy0lrVs=,tag:G4dFdVclUdagyA84Yh653w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -48,8 +52,8 @@ sops:
|
|||
bGpacHFRSkJYUUMwOEh4cVBXZ1NESmsKa5EhZ7148ojCqZldukLcPLr93HqnpNgq
|
||||
rMI0Nyz4Z4lkTVMRpA94zyNTkNwJ02/CYcKi8EJi6jGZnNPUTcnTwg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-09-06T21:22:57Z"
|
||||
mac: ENC[AES256_GCM,data:suoBGuZnfZpo55g+sq6MXDvecwhhWRS9gtTlCvnWmSvWT+K8TFXHcz9cLZT5U2N4ueSYJovRoKPoAv9rKgtLHSSg+JKI0b0cErQge75970bTbeMKMl+SJmYF0T0ht5+8n5zjhnQjVo2mHmJJI1IekumsoNJ9+F6USPBidiK0uNU=,iv:7dMsEnXylvn0vVfmU9pQt1BgrqfKdSyoBbNTUZ782Uo=,tag:E3u9LVcdTKa7mjAxQ/m9rw==,type:str]
|
||||
lastmodified: "2024-10-14T14:58:39Z"
|
||||
mac: ENC[AES256_GCM,data:cNVTWA2S9SMEqoDz7jHuN/9hO20kDyoR03vKw8D72VJiqDEVvAkYeRu6KmGI7DWcfV/2OIrwVjyt+zry92ksYPmF1Xx8s4hu6Z0ooi7mvNrtSMnOLJ68mfpERbdBBcnvX5YivS50mbPhif/kvb5IgUxIQvo2NGFC9Sj7ZnXLa+U=,iv:kKkHVNJ0JE4CRvQdLAfFHKeL4h3o7Z6HJ57HzsqKTJY=,tag:k9K7NS2TZ0uk9u0yd9IAOg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
||||
|
|
30
secrets/dragon/secrets.yml
Normal file
30
secrets/dragon/secrets.yml
Normal file
|
@ -0,0 +1,30 @@
|
|||
ddns-pass: ENC[AES256_GCM,data:/Dpjl761JLHTM+we1PJs7pkcHcWzBk0jQ1bP4plOYGS4N3vXhXn1bHCYmENlrOwU3riETBZ5OeRA1LvFNZHPQw==,iv:LbgN5utHUBZRV49e6ux7HPG0xt4ydTqyZA+NZuaJnWs=,tag:l0VRaMJ6ie63lej6mZTMPg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCTitMaFRiK1BSMEcwRmNk
|
||||
Q0hmOGlZSFpkUUhyZkkwSU40QXB5cmlkR1FRCkRhbVBXQ2FjUzRhdEhrSEZKcWhM
|
||||
dTNuVUljU0NSbVQzbXhZeFNENmN5QjgKLS0tIDFncEMrUCtWWTMyUGZIelY5aXB4
|
||||
NmJWeDFSVVoxZCtRWlhNNXNyVWRvY28KgPbg6RScxBrxI0DvD6R7iKm8/70kJLdG
|
||||
FhbgK9d/7UPMfefluEah7vKzXV/dn+/4KsCJuKFFZ1AsM5hDFQ+JGQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ez4why08hdx0qf940cjzs6ep4q5rk2gqq7lp99pe58fktpwv65esx4xrht
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXa1owK21QNUovZzZHekpw
|
||||
OWdsSy9ZcmhGNzc1enNGVHRHTTlSb1E5UEJJCkF3MlpYQ1c5UGNySk94aENHMDh2
|
||||
ME1rUlZscHFYSUVwOWFSczZGV2Z5aEEKLS0tIFlXTUFZaVJtWXltZGdEZzJPSjFJ
|
||||
bTdCNS9zMzdvT2NiZVRyT1JzVmRFUFEKguq2i4rnVvGECZlUcEEubXfv4Ya/zI1N
|
||||
3mWQslPHgnnWuwG7flbvafHYnyZCXsMqNKnNDM6wayDgKAbtCx3Syg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-09-14T12:41:15Z"
|
||||
mac: ENC[AES256_GCM,data:sO3omCYH1urB/qcW3VippCinCUO1cmp5KrUSQk5ms7k+i9xUhdL3tTYHGVTa4PHV6VluukKnHuwAijo+rneNdCeMdIkAEskk/X6SDYgkwmjXuNcNEA4la22EqSrenJ8W3UafHDvP8+vpUKAzVo0E82Vmo9/YNJaqvqQM8PtciSc=,iv:2GboNZpAezZsWK3CbcwVw40zW4CucP3JhsYlvZ/Hy2M=,tag:w3XmkN76oYV+PmliPB01MQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
30
secrets/router/secrets.yml
Normal file
30
secrets/router/secrets.yml
Normal file
|
@ -0,0 +1,30 @@
|
|||
netlify-ddns-password: ENC[AES256_GCM,data:zp58uV2L+/n/9Cvp1BnQBhdfmNfuyH8C73R6JYrJ3pw0QbEpPpIWuzod9S28QxNq50Bj5/zGzE+D125dkYFX0A==,iv:kceEl04Nb6LWcyjl2fHYjsl0RSO8OulN3DKlDLwjIu4=,tag:nOi2H56dEX9K5okaiDaWOQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiQlZqSzBaTUROMkp2K2xI
|
||||
Z0ZIdllGNnlNYnFtVERPbVN6Y1FnWC9aeGlFCnZYci9CblA3VFZsOG5OOXE3cDZj
|
||||
TlZkbU0yY0F1ZDA5amczRVFldU1ZWGcKLS0tIEFTdi9uRFdlQW1MbUdSdm9jRW5n
|
||||
emxsSGN2b3JLZGNYQmVDYk96QUY5aVEK0w7Q/zEsIJKFcQjhgQovmRs4Iv6bhuaz
|
||||
cKn8M/p8dG+p5G50ALsiIiuTFBUM7vmFVF000PxqsEFr0Yl6eDg+uA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1zd7c3g5d20shdftq8ghqm0r92488dg4pdp4gulur7ex3zx2yq35ssxawpn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZK1lRTlRIc2ZxcllsRFRp
|
||||
aEZIOC80TSt2Ly9MUEdiVGQ5akkrUUJwcDFJClIyMUl0SWY3TXFLcWl0TGw3K3VM
|
||||
N0VWaGpCaVp6MXg4M2pwcnNhNkhPYjQKLS0tIEZOVGVTcUxaMmxBNEVJQ2VFSjRm
|
||||
L2lpaExJM2FkUFdqa3JpalZmOFZYV0kKmXlu5CUIYnNEOlIco3JveS7KdiF2yWTn
|
||||
r/KOKA9/v3zPbnsYc+HETxYNy1OWrQ/qDGIbR6jz8L5+v35FN+larw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-09-13T05:37:38Z"
|
||||
mac: ENC[AES256_GCM,data:r1qpYSojCuN84FYX1c684XifKMKUPTOl7dvzuoYYuLf+mwbZrD4fUErDmZczzA4g2ttSNNv05bEq5D7XgfoXPcbhqtj/jggxvX4EGLltpo3Jy77EyKabr1c7KsYV3ciYT13sRGzFYrge06wVrUUPpozPfvAbp1qv0CwK4dUg4dc=,iv:Bpnrx8KcZnWkld4f3VRl39xMmaU388KQunig9xohUto=,tag:vKUupMf/dRb5bY8BMV4oVw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
|
@ -47,19 +47,21 @@
|
|||
src = ./.;
|
||||
pname = "api.lyte.dev";
|
||||
in {
|
||||
# this-package = mixRelease {
|
||||
# inherit pname version src;
|
||||
# mixFodDeps = fetchMixDeps {
|
||||
# inherit version src;
|
||||
# pname = "mix-deps-${pname}";
|
||||
# hash = pkgs.lib.fakeSha256;
|
||||
# };
|
||||
# buildInputs = with pkgs; [sqlite];
|
||||
# HOME = "$(pwd)";
|
||||
# MIX_XDG = "$HOME";
|
||||
# };
|
||||
/*
|
||||
this-package = mixRelease {
|
||||
inherit pname version src;
|
||||
mixFodDeps = fetchMixDeps {
|
||||
inherit version src;
|
||||
pname = "mix-deps-${pname}";
|
||||
hash = pkgs.lib.fakeSha256;
|
||||
};
|
||||
buildInputs = with pkgs; [sqlite];
|
||||
HOME = "$(pwd)";
|
||||
MIX_XDG = "$HOME";
|
||||
};
|
||||
|
||||
# default = outputs.packages.${system}.this-package;
|
||||
default = outputs.packages.${system}.this-package;
|
||||
*/
|
||||
});
|
||||
|
||||
devShells = forAllSystems (system: let
|
||||
|
|
|
@ -35,12 +35,14 @@
|
|||
default = self.outputs.devShells.${pkgs.system}.nix;
|
||||
});
|
||||
|
||||
# packages = genPkgs (pkgs: import ./pkgs {inherit pkgs;});
|
||||
# overlays = import ./overlays self;
|
||||
# nixosModules = import ./modules/nixos;
|
||||
# homeManagerModules = import ./modules/home-manager;
|
||||
# nixosConfigurations = import ./nixos;
|
||||
# homeConfigurations = import ./home
|
||||
# templates = import ./templates;
|
||||
/*
|
||||
packages = genPkgs (pkgs: import ./pkgs {inherit pkgs;});
|
||||
overlays = import ./overlays self;
|
||||
nixosModules = import ./modules/nixos;
|
||||
homeManagerModules = import ./modules/home-manager;
|
||||
nixosConfigurations = import ./nixos;
|
||||
homeConfigurations = import ./home
|
||||
templates = import ./templates;
|
||||
*/
|
||||
};
|
||||
}
|
||||
|
|
|
@ -22,12 +22,14 @@
|
|||
alejandra.enable = true;
|
||||
# NOTE: These do not work well with `nix flake check` due to pure environments
|
||||
# https://github.com/cachix/git-hooks.nix/issues/452
|
||||
# cargo-check.enable = true;
|
||||
# clippy = {
|
||||
# enable = true;
|
||||
# packageOverrides.cargo = pkgs.cargo;
|
||||
# packageOverrides.clippy = pkgs.rustPackages.clippy;
|
||||
# };
|
||||
/*
|
||||
cargo-check.enable = true;
|
||||
clippy = {
|
||||
enable = true;
|
||||
packageOverrides.cargo = pkgs.cargo;
|
||||
packageOverrides.clippy = pkgs.rustPackages.clippy;
|
||||
};
|
||||
*/
|
||||
rustfmt = {
|
||||
enable = true;
|
||||
packageOverrides.rustfmt = pkgs.rustfmt;
|
||||
|
@ -41,13 +43,15 @@
|
|||
pname = "kodotag";
|
||||
version = "0.1.0";
|
||||
|
||||
# nativeBuildInputs = with pkgs; [
|
||||
# pkg-config
|
||||
# clang
|
||||
# ];
|
||||
/*
|
||||
nativeBuildInputs = with pkgs; [
|
||||
pkg-config
|
||||
clang
|
||||
];
|
||||
|
||||
# buildInputs = with pkgs; [
|
||||
# ];
|
||||
buildInputs = with pkgs; [
|
||||
];
|
||||
*/
|
||||
|
||||
src = ./.;
|
||||
hash = pkgs.lib.fakeHash;
|
||||
|
|
Loading…
Reference in a new issue